Removed some set but unused variables.

Werner Koch 2011-08-04 12:22:04 +02:00
parent 60d8c901ce
commit e306c18624
25 changed files with 811 additions and 788 deletions


@ -1,6 +1,7 @@
2011-08-04 Werner Koch <wk@g10code.com>
* configure.ac: Fix usage of AC_LANG_PROGRAM.
(AC_CHECK_HEADERS): Check for utmp.h.
2011-02-04 Werner Koch <wk@g10code.com>


@ -1,3 +1,12 @@
2011-08-04 Werner Koch <wk@g10code.com>
* genkey.c (check_passphrase_pattern): Use gpg_strerror.
* command-ssh.c (ssh_receive_mpint_list): Remove set but unused
var ELEMS_PUBLIC_N.
* gpg-agent.c (main): Remove set but unused var MAY_COREDUMP.
2011-07-22 Werner Koch <wk@g10code.com>
* command-ssh.c (ssh_receive_key): Do not init comment to an empty


@ -875,7 +875,6 @@ static gpg_error_t
ssh_receive_mpint_list (estream_t stream, int secret,
ssh_key_type_spec_t key_spec, gcry_mpi_t **mpi_list)
{
unsigned int elems_public_n;
const char *elems_public;
unsigned int elems_n;
const char *elems;
@ -894,7 +893,6 @@ ssh_receive_mpint_list (estream_t stream, int secret,
elems_n = strlen (elems);
elems_public = key_spec.elems_key_public;
elems_public_n = strlen (elems_public);
mpis = xtrycalloc (elems_n + 1, sizeof *mpis );
if (!mpis)


@ -37,7 +37,7 @@ store_key (gcry_sexp_t private, const char *passphrase, int force)
unsigned char *buf;
size_t len;
unsigned char grip[20];
if ( !gcry_pk_get_keygrip (private, grip) )
{
log_error ("can't calculate keygrip\n");
@ -105,7 +105,7 @@ check_passphrase_pattern (ctrl_t ctrl, const char *pw)
if (!infp)
{
err = gpg_error_from_syserror ();
log_error (_("error creating temporary file: %s\n"), strerror (errno));
log_error (_("error creating temporary file: %s\n"), gpg_strerror (err));
return 1; /* Error - assume password should not be used. */
}
@ -113,7 +113,7 @@ check_passphrase_pattern (ctrl_t ctrl, const char *pw)
{
err = gpg_error_from_syserror ();
log_error (_("error writing to temporary file: %s\n"),
strerror (errno));
gpg_strerror (err));
fclose (infp);
return 1; /* Error - assume password should not be used. */
}
@ -143,7 +143,7 @@ check_passphrase_pattern (ctrl_t ctrl, const char *pw)
}
static int
static int
take_this_one_anyway2 (ctrl_t ctrl, const char *desc, const char *anyway_btn)
{
gpg_error_t err;
@ -161,7 +161,7 @@ take_this_one_anyway2 (ctrl_t ctrl, const char *desc, const char *anyway_btn)
}
static int
static int
take_this_one_anyway (ctrl_t ctrl, const char *desc)
{
return take_this_one_anyway2 (ctrl, desc, _("Take this one anyway"));
@ -182,18 +182,18 @@ check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent)
if (!pw)
pw = "";
if (utf8_charcount (pw) < minlen )
if (utf8_charcount (pw) < minlen )
{
char *desc;
if (silent)
return gpg_error (GPG_ERR_INV_PASSPHRASE);
desc = xtryasprintf
desc = xtryasprintf
( ngettext ("Warning: You have entered an insecure passphrase.%%0A"
"A passphrase should be at least %u character long.",
"A passphrase should be at least %u character long.",
"Warning: You have entered an insecure passphrase.%%0A"
"A passphrase should be at least %u characters long.",
"A passphrase should be at least %u characters long.",
minlen), minlen );
if (!desc)
return gpg_error_from_syserror ();
@ -203,17 +203,17 @@ check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent)
return err;
}
if (nonalpha_count (pw) < minnonalpha )
if (nonalpha_count (pw) < minnonalpha )
{
char *desc;
if (silent)
return gpg_error (GPG_ERR_INV_PASSPHRASE);
desc = xtryasprintf
desc = xtryasprintf
( ngettext ("Warning: You have entered an insecure passphrase.%%0A"
"A passphrase should contain at least %u digit or%%0A"
"special character.",
"special character.",
"Warning: You have entered an insecure passphrase.%%0A"
"A passphrase should contain at least %u digits or%%0A"
"special characters.",
@ -256,7 +256,7 @@ check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent)
"this is in general a bad idea!%0A"
"Please confirm that you do not want to "
"have any protection on your key."));
if (silent)
return gpg_error (GPG_ERR_INV_PASSPHRASE);
@ -288,7 +288,7 @@ reenter_compare_cb (struct pin_entry_info_s *pi)
KEYPARAM */
int
agent_genkey (ctrl_t ctrl, const char *keyparam, size_t keyparamlen,
membuf_t *outbuf)
membuf_t *outbuf)
{
gcry_sexp_t s_keyparam, s_key, s_private, s_public;
struct pin_entry_info_s *pi, *pi2;
@ -347,7 +347,7 @@ agent_genkey (ctrl_t ctrl, const char *keyparam, size_t keyparamlen,
xfree (pi);
return rc;
}
if (!*pi->pin)
{
xfree (pi);
@ -383,7 +383,7 @@ agent_genkey (ctrl_t ctrl, const char *keyparam, size_t keyparamlen,
return gpg_error (GPG_ERR_INV_DATA);
}
gcry_sexp_release (s_key); s_key = NULL;
/* store the secret key */
if (DBG_CRYPTO)
log_debug ("storing private key\n");
@ -422,7 +422,7 @@ agent_genkey (ctrl_t ctrl, const char *keyparam, size_t keyparamlen,
/* Apply a new passpahrse to the key S_SKEY and store it. */
int
agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey)
agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey)
{
struct pin_entry_info_s *pi, *pi2;
int rc;


@ -550,7 +550,6 @@ main (int argc, char **argv )
{
ARGPARSE_ARGS pargs;
int orig_argc;
int may_coredump;
char **orig_argv;
FILE *configfp = NULL;
char *configname = NULL;
@ -624,7 +623,7 @@ main (int argc, char **argv )
setup_libgcrypt_logging ();
gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
may_coredump = disable_core_dumps ();
disable_core_dumps ();
/* Set default options. */
parse_rereadable_options (NULL, 0); /* Reset them to default values. */
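Review bot: The result of `disable_core_dumps ()` is now dropped in `main`, so a failure to turn off core dumps would go unnoticed in a process that holds passphrases and secret key material. Judging only by the removed variable's name (`may_coredump`), a non-zero return appears to mean that core dumps are still possible; confirm this against the helper's definition, which is not on this page. If that reading is right, keep the outcome visible, for example `if (disable_core_dumps ()) log_info ("core dumps could not be disabled\n");`, or add a comment stating why ignoring it is safe. `main` starts and continues outside these hunks.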


@ -1,3 +1,10 @@
2011-08-04 Werner Koch <wk@g10code.com>
* pka.c (get_pka_info): Remove set but unused variables ARCOUNT
and NSCOUNT.
* estream.c (es_fwrite, es_fread): Remove set but unused variable
ERR.
2011-04-29 Werner Koch <wk@g10code.com>
* estream.c (es_pth_kill): New.


@ -2905,12 +2905,11 @@ es_fread (void *ES__RESTRICT ptr, size_t size, size_t nitems,
estream_t ES__RESTRICT stream)
{
size_t ret, bytes;
int err;
if (size * nitems)
{
ESTREAM_LOCK (stream);
err = es_readn (stream, ptr, size * nitems, &bytes);
es_readn (stream, ptr, size * nitems, &bytes);
ESTREAM_UNLOCK (stream);
ret = bytes / size;
@ -2927,12 +2926,11 @@ es_fwrite (const void *ES__RESTRICT ptr, size_t size, size_t nitems,
estream_t ES__RESTRICT stream)
{
size_t ret, bytes;
int err;
if (size * nitems)
{
ESTREAM_LOCK (stream);
err = es_writen (stream, ptr, size * nitems, &bytes);
es_writen (stream, ptr, size * nitems, &bytes);
ESTREAM_UNLOCK (stream);
ret = bytes / size;
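Review bot: With `err` gone, `es_fread` and `es_fwrite` discard the status of `es_readn`/`es_writen` and derive `ret` solely from `bytes`, which is declared without an initialiser. If either helper can fail before it stores through the `&bytes` argument (their bodies are not visible here), `ret = bytes / size` reads an indeterminate value; declaring `size_t ret, bytes = 0;` in both functions removes that dependency. A short comment such as `/* The error is left in the stream's error indicator, as with fread(3). */` would also record that dropping the return value is deliberate, assuming that is how the stream reports it. Both function bodies continue past their hunks.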


@ -47,7 +47,7 @@
/* Parse the TXT resource record. Format is:
v=pka1;fpr=a4d94e92b0986ab5ee9dcd755de249965b0358a2;uri=string
For simplicity white spaces are not allowed. Because we expect to
use a new RRTYPE for this in the future we define the TXT really
strict for simplicity: No white spaces, case sensitivity of the
@ -70,7 +70,7 @@ parse_txt_record (char *buffer, unsigned char *fpr)
*pend++ = 0;
if (strcmp (p, "v=pka1"))
return -1; /* Wrong or missing version. */
p = pend;
pend = strchr (p, ';');
if (pend)
@ -82,11 +82,11 @@ parse_txt_record (char *buffer, unsigned char *fpr)
fpr[i] = xtoi_2 (p);
if (i != 20)
return -1; /* Fingerprint consists not of exactly 40 hexbytes. */
p = pend;
if (!p || !*p)
{
*buffer = 0;
*buffer = 0;
return 0; /* Success (no URI given). */
}
if (strncmp (p, "uri=", 4))
@ -119,7 +119,7 @@ get_pka_info (const char *address, unsigned char *fpr)
char *name;
adns_answer *answer = NULL;
char *buffer = NULL;
domain = strrchr (address, '@');
if (!domain || domain == address || !domain[1])
return NULL; /* Invalid mail address given. */
@ -146,7 +146,7 @@ get_pka_info (const char *address, unsigned char *fpr)
adns_finish (state);
return NULL;
}
if (answer->status != adns_s_ok
if (answer->status != adns_s_ok
|| answer->type != adns_r_txt || !answer->nrrs)
{
/* log_error ("DNS query returned an error: %s (%s)\n", */
@ -179,7 +179,7 @@ get_pka_info (const char *address, unsigned char *fpr)
HEADER h;
} answer;
int anslen;
int qdcount, ancount, nscount, arcount;
int qdcount, ancount;
int rc;
unsigned char *p, *pend;
const char *domain;
@ -210,8 +210,6 @@ get_pka_info (const char *address, unsigned char *fpr)
qdcount = ntohs (answer.h.qdcount);
ancount = ntohs (answer.h.ancount);
nscount = ntohs (answer.h.nscount);
arcount = ntohs (answer.h.arcount);
if (!ancount)
return NULL; /* Got no answer. */
@ -224,7 +222,7 @@ get_pka_info (const char *address, unsigned char *fpr)
rc = dn_skipname (p, pend);
if (rc == -1)
return NULL;
p += rc + QFIXEDSZ;
p += rc + QFIXEDSZ;
}
if (ancount > 1)
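Review bot: In the resolver variant of `get_pka_info`, `p += rc + QFIXEDSZ;` advances the parse pointer through a DNS reply after `dn_skipname` succeeds, and the hunk shows no check that the fixed-size part still lies before `pend`. The reply and the header counts read just above (`qdcount`, `ancount`) come from the network, so a truncated or malformed answer should be rejected before the advance, e.g. `if (pend - p < rc + QFIXEDSZ) return NULL;`. The enclosing block starts outside the hunk and the code after `if (ancount > 1)` is not shown, so a later bounds check may already cover this; confirm before changing.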


@ -1024,7 +1024,7 @@ fi
AC_MSG_NOTICE([checking for header files])
AC_HEADER_STDC
AC_CHECK_HEADERS([string.h unistd.h langinfo.h termio.h locale.h getopt.h])
AC_CHECK_HEADERS([pty.h pwd.h inttypes.h])
AC_CHECK_HEADERS([pty.h utmp.h pwd.h inttypes.h])
AC_HEADER_TIME


@ -1,3 +1,11 @@
2011-08-04 Werner Koch <wk@g10code.com>
* keyedit.c (show_key_with_all_names): Remove set but unused var
PK_VERION.
* sig-check.c (do_check): Remove set but unused var CTX.
* build-packet.c (do_user_id): Return RC.
2011-07-29 Werner Koch <wk@g10code.com>
* tdbio.c (open_db): Do not print read-only warning in quiet mode.


@ -214,11 +214,11 @@ calc_packet_length( PACKET *pkt )
static void
write_fake_data (IOBUF out, gcry_mpi_t a)
{
if (a)
if (a)
{
unsigned int n;
void *p;
p = gcry_mpi_get_opaque ( a, &n );
iobuf_write (out, p, (n+7)/8 );
}
@ -239,7 +239,7 @@ do_user_id( IOBUF out, int ctb, PKT_user_id *uid )
write_header2( out, ctb, uid->len, 2 );
rc = iobuf_write( out, uid->name, uid->len );
}
return 0;
return rc;
}
static int
@ -248,13 +248,13 @@ do_public_key( IOBUF out, int ctb, PKT_public_key *pk )
int rc = 0;
int n, i;
IOBUF a = iobuf_temp();
if ( !pk->version )
iobuf_put( a, 3 );
else
iobuf_put( a, pk->version );
write_32(a, pk->timestamp );
if ( pk->version < 4 )
if ( pk->version < 4 )
{
u16 ndays;
if ( pk->expiredate )
@ -305,18 +305,18 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
ndays = 0;
write_16(a, ndays);
}
iobuf_put (a, sk->pubkey_algo );
/* Get number of secret and public parameters. They are held in one
array first the public ones, then the secret ones. */
nskey = pubkey_get_nskey ( sk->pubkey_algo );
npkey = pubkey_get_npkey ( sk->pubkey_algo );
/* If we don't have any public parameters - which is the case if we
don't know the algorithm used - the parameters are stored as one
blob in a faked (opaque) MPI. */
if ( !npkey )
if ( !npkey )
{
write_fake_data( a, sk->skey[0] );
goto leave;
@ -327,11 +327,11 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
for (i=0; i < npkey; i++ )
if ((rc = mpi_write (a, sk->skey[i])))
goto leave;
/* Build the header for protected (encrypted) secret parameters. */
if ( sk->is_protected )
if ( sk->is_protected )
{
if ( is_RSA(sk->pubkey_algo)
if ( is_RSA(sk->pubkey_algo)
&& sk->version < 4
&& !sk->protect.s2k.mode )
{
@ -351,12 +351,12 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
private/experimental extension (this is not specified
in rfc2440 but the same scheme is used for all other
algorithm identifiers) */
iobuf_put(a, 101 );
iobuf_put(a, 101 );
iobuf_put(a, sk->protect.s2k.hash_algo );
iobuf_write(a, "GNU", 3 );
iobuf_put(a, sk->protect.s2k.mode - 1000 );
}
else
else
{
iobuf_put(a, sk->protect.s2k.mode );
iobuf_put(a, sk->protect.s2k.hash_algo );
@ -366,10 +366,10 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
iobuf_write (a, sk->protect.s2k.salt, 8 );
if ( sk->protect.s2k.mode == 3 )
iobuf_put (a, sk->protect.s2k.count );
iobuf_put (a, sk->protect.s2k.count );
/* For our special modes 1001, 1002 we do not need an IV. */
if ( sk->protect.s2k.mode != 1001
if ( sk->protect.s2k.mode != 1001
&& sk->protect.s2k.mode != 1002 )
iobuf_write (a, sk->protect.iv, sk->protect.ivlen );
}
@ -378,10 +378,10 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
iobuf_put (a, 0 );
if ( sk->protect.s2k.mode == 1001 )
; /* GnuPG extension - don't write a secret key at all. */
; /* GnuPG extension - don't write a secret key at all. */
else if ( sk->protect.s2k.mode == 1002 )
{
/* GnuPG extension - divert to OpenPGP smartcard. */
{
/* GnuPG extension - divert to OpenPGP smartcard. */
iobuf_put(a, sk->protect.ivlen ); /* Length of the serial number
or 0 for no serial
number. */
@ -393,19 +393,19 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
/* The secret key is protected - write it out as it is. */
byte *p;
unsigned int ndatabits;
assert (gcry_mpi_get_flag (sk->skey[npkey], GCRYMPI_FLAG_OPAQUE));
p = gcry_mpi_get_opaque (sk->skey[npkey], &ndatabits );
iobuf_write (a, p, (ndatabits+7)/8 );
}
else if ( sk->is_protected )
else if ( sk->is_protected )
{
/* The secret key is protected the old v4 way. */
for ( ; i < nskey; i++ )
for ( ; i < nskey; i++ )
{
byte *p;
unsigned int ndatabits;
assert (gcry_mpi_get_flag (sk->skey[i], GCRYMPI_FLAG_OPAQUE));
p = gcry_mpi_get_opaque (sk->skey[i], &ndatabits);
iobuf_write (a, p, (ndatabits+7)/8);
@ -473,9 +473,9 @@ do_pubkey_enc( IOBUF out, int ctb, PKT_pubkey_enc *enc )
int rc = 0;
int n, i;
IOBUF a = iobuf_temp();
write_version( a, ctb );
if ( enc->throw_keyid )
if ( enc->throw_keyid )
{
write_32(a, 0 ); /* Don't tell Eve who can decrypt the message. */
write_32(a, 0 );
@ -529,7 +529,7 @@ do_plaintext( IOBUF out, int ctb, PKT_plaintext *pt )
for(i=0; i < pt->namelen; i++ )
iobuf_put(out, pt->name[i] );
rc = write_32(out, pt->timestamp );
if (rc)
if (rc)
return rc;
n = 0;
@ -645,7 +645,7 @@ delete_sig_subpkt (subpktarea_t *area, sigsubpkttype_t reqtype )
}
if( buflen < n )
break;
type = *buffer & 0x7f;
if( type == reqtype ) {
buffer++;
@ -679,7 +679,7 @@ delete_sig_subpkt (subpktarea_t *area, sigsubpkttype_t reqtype )
* Note: All pointers into sig->[un]hashed (e.g. returned by
* parse_sig_subpkt) are not valid after a call to this function. The
* data to put into the subpaket should be in a buffer with a length
* of buflen.
* of buflen.
*/
void
build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type,
@ -782,7 +782,7 @@ build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type,
case SIGSUBPKT_SIGNATURE:
hashed = 0;
break;
default:
default:
hashed = 1;
break;
}
@ -833,7 +833,7 @@ build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type,
memcpy (p, buffer, buflen);
}
if (hashed)
if (hashed)
sig->hashed = newarea;
else
sig->unhashed = newarea;
@ -1119,7 +1119,7 @@ do_signature( IOBUF out, int ctb, PKT_signature *sig )
if ( sig->version < 4 )
iobuf_put (a, 5 ); /* Constant */
iobuf_put (a, sig->sig_class );
if ( sig->version < 4 )
if ( sig->version < 4 )
{
write_32(a, sig->timestamp );
write_32(a, sig->keyid[0] );
@ -1127,7 +1127,7 @@ do_signature( IOBUF out, int ctb, PKT_signature *sig )
}
iobuf_put(a, sig->pubkey_algo );
iobuf_put(a, sig->digest_algo );
if ( sig->version >= 4 )
if ( sig->version >= 4 )
{
size_t nn;
/* Timestamp and keyid must have been packed into the subpackets
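Review bot: `do_user_id` now returns the status of `iobuf_write`, but the `write_header2( out, ctb, uid->len, 2 );` call on the line before it still has its result ignored, so a failed header write is reported as success whenever the payload write succeeds. If `write_header2` returns a status (its prototype is not on this page), chain the two calls: `rc = write_header2 (out, ctb, uid->len, 2);` followed by `if (!rc) rc = iobuf_write (out, uid->name, uid->len);`. The other branch of `do_user_id` lies above the hunk; check that it assigns `rc` on every path now that the value is returned.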


@ -116,7 +116,7 @@ find_pk_from_sknode (KBNODE pub_keyblock, KBNODE sec_node)
KBNODE node = pub_keyblock;
PKT_secret_key *sk;
PKT_public_key *pk;
if (sec_node->pkt->pkttype == PKT_SECRET_KEY
&& node->pkt->pkttype == PKT_PUBLIC_KEY)
return node->pkt->pkt.public_key;
@ -130,7 +130,7 @@ find_pk_from_sknode (KBNODE pub_keyblock, KBNODE sec_node)
if (pk->keyid[0] == sk->keyid[0] && pk->keyid[1] == sk->keyid[1])
return pk;
}
return NULL;
}
#endif /* ENABLE_CARD_SUPPORT */
@ -528,7 +528,7 @@ sign_uids( KBNODE keyblock, strlist_t locusr, int *ret_modified,
}
/* build a list of all signators.
*
*
* We use the CERT flag to request the primary which must always
* be one which is capable of signing keys. I can't see a reason
* why to sign keys using a subkey. Implementation of USAGE_CERT
@ -705,7 +705,7 @@ sign_uids( KBNODE keyblock, strlist_t locusr, int *ret_modified,
{
tty_printf(_("The self-signature on \"%s\"\n"
"is a PGP 2.x-style signature.\n"),user);
/* Note that the regular PGP2 warning below
still applies if there are no v4 sigs on
this key at all. */
@ -1116,11 +1116,11 @@ change_passphrase (KBNODE keyblock, int *r_err)
sk = node->pkt->pkt.secret_key;
for (any = 0, node=keyblock; node; node = node->next) {
if (node->pkt->pkttype == PKT_SECRET_KEY
if (node->pkt->pkttype == PKT_SECRET_KEY
|| node->pkt->pkttype == PKT_SECRET_SUBKEY) {
PKT_secret_key *tmpsk = node->pkt->pkt.secret_key;
if (!(tmpsk->is_protected
&& (tmpsk->protect.s2k.mode == 1001
&& (tmpsk->protect.s2k.mode == 1001
|| tmpsk->protect.s2k.mode == 1002))) {
any = 1;
break;
@ -1132,7 +1132,7 @@ change_passphrase (KBNODE keyblock, int *r_err)
"no passphrase to change.\n"));
goto leave;
}
/* See how to handle this key. */
switch( is_secret_key_protected( sk ) ) {
case -1:
@ -1154,7 +1154,7 @@ change_passphrase (KBNODE keyblock, int *r_err)
u32 keyid[2];
tty_printf(_("Key is protected.\n"));
/* Clear the passphrase cache so that the user is required
to enter the old passphrase. */
keyid_from_sk (sk, keyid);
@ -1172,7 +1172,7 @@ change_passphrase (KBNODE keyblock, int *r_err)
if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
PKT_secret_key *subsk = node->pkt->pkt.secret_key;
if ( !(subsk->is_protected
&& (subsk->protect.s2k.mode == 1001
&& (subsk->protect.s2k.mode == 1001
|| subsk->protect.s2k.mode == 1002))) {
set_next_passphrase( passphrase );
rc = check_secret_key( subsk, 0 );
@ -1229,7 +1229,7 @@ change_passphrase (KBNODE keyblock, int *r_err)
if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
PKT_secret_key *subsk = node->pkt->pkt.secret_key;
if ( !(subsk->is_protected
&& (subsk->protect.s2k.mode == 1001
&& (subsk->protect.s2k.mode == 1001
|| subsk->protect.s2k.mode == 1002))) {
subsk->protect.algo = dek->algo;
subsk->protect.s2k = *s2k;
@ -1243,7 +1243,7 @@ change_passphrase (KBNODE keyblock, int *r_err)
else
{
u32 keyid[2];
/* Clear the cahce again so that the user is
required to enter the new passphrase at the
next operation. */
@ -1378,7 +1378,7 @@ static struct
int flags;
const char *desc;
} cmds[] =
{
{
{ "quit" , cmdQUIT , 0, N_("quit this menu") },
{ "q" , cmdQUIT , 0, NULL },
{ "save" , cmdSAVE , 0, N_("save and quit") },
@ -1421,9 +1421,9 @@ static struct
#ifdef ENABLE_CARD_SUPPORT
{ "addcardkey", cmdADDCARDKEY , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
N_("add a key to a smartcard") },
{ "keytocard", cmdKEYTOCARD , KEYEDIT_NEED_SK|KEYEDIT_ONLY_SK,
{ "keytocard", cmdKEYTOCARD , KEYEDIT_NEED_SK|KEYEDIT_ONLY_SK,
N_("move a key to a smartcard")},
{ "bkuptocard", cmdBKUPTOCARD , KEYEDIT_NEED_SK|KEYEDIT_ONLY_SK,
{ "bkuptocard", cmdBKUPTOCARD , KEYEDIT_NEED_SK|KEYEDIT_ONLY_SK,
N_("move a backup key to a smartcard")},
#endif /*ENABLE_CARD_SUPPORT*/
@ -1589,7 +1589,7 @@ keyedit_menu( const char *username, strlist_t locusr,
size_t an;
fingerprint_from_pk (pk, afp, &an);
while (an < MAX_FINGERPRINT_LEN)
while (an < MAX_FINGERPRINT_LEN)
afp[an++] = 0;
rc = keydb_search_fpr (sec_kdbhd, afp);
}
@ -1746,7 +1746,7 @@ keyedit_menu( const char *username, strlist_t locusr,
redisplay=menu_select_uid_namehash(cur_keyblock,arg_string);
else
{
if (*arg_string == '*'
if (*arg_string == '*'
&& (!arg_string[1] || spacep (arg_string+1)))
arg_number = -1; /* Select all. */
redisplay = menu_select_uid (cur_keyblock, arg_number);
@ -1755,7 +1755,7 @@ keyedit_menu( const char *username, strlist_t locusr,
case cmdSELKEY:
{
if (*arg_string == '*'
if (*arg_string == '*'
&& (!arg_string[1] || spacep (arg_string+1)))
arg_number = -1; /* Select all. */
if (menu_select_key( cur_keyblock, arg_number))
@ -1910,7 +1910,7 @@ keyedit_menu( const char *username, strlist_t locusr,
switch ( count_selected_keys (sec_keyblock) )
{
case 0:
if (cpr_get_answer_is_yes
if (cpr_get_answer_is_yes
("keyedit.keytocard.use_primary",
/* TRANSLATORS: Please take care: This is about
moving the key and not about removing it. */
@ -1920,7 +1920,7 @@ keyedit_menu( const char *username, strlist_t locusr,
case 1:
for (node = sec_keyblock; node; node = node->next )
{
if (node->pkt->pkttype == PKT_SECRET_SUBKEY
if (node->pkt->pkttype == PKT_SECRET_SUBKEY
&& node->flag & NODFLG_SELKEY)
break;
}
@ -1972,15 +1972,15 @@ keyedit_menu( const char *username, strlist_t locusr,
fname, strerror(errno));
break;
}
/* Parse and check that file. */
pkt = xmalloc (sizeof *pkt);
init_packet (pkt);
rc = parse_packet (a, pkt);
iobuf_close (a);
iobuf_ioctl (NULL, 2, 0, (char*)fname); /* (invalidate cache). */
if (!rc
&& pkt->pkttype != PKT_SECRET_KEY
if (!rc
&& pkt->pkttype != PKT_SECRET_KEY
&& pkt->pkttype != PKT_SECRET_SUBKEY)
rc = G10ERR_NO_SECKEY;
if (rc)
@ -2323,9 +2323,9 @@ keyedit_passwd (const char *username)
if (err)
goto leave;
fingerprint_from_pk (pk, fpr, &fprlen);
while (fprlen < MAX_FINGERPRINT_LEN)
while (fprlen < MAX_FINGERPRINT_LEN)
fpr[fprlen++] = 0;
kdh = keydb_new (1);
if (!kdh)
{
@ -2340,7 +2340,7 @@ keyedit_passwd (const char *username)
goto leave;
err = keydb_get_keyblock (kdh, &keyblock);
if (err)
if (err)
goto leave;
if (!change_passphrase (keyblock, &err))
@ -2357,7 +2357,7 @@ keyedit_passwd (const char *username)
keydb_release (kdh);
if (err)
{
log_info ("error changing the passphrase for `%s': %s\n",
log_info ("error changing the passphrase for `%s': %s\n",
username, gpg_strerror (err));
write_status_error ("keyedit.passwd", gpg_err_code (err));
}
@ -2435,7 +2435,7 @@ show_prefs (PKT_user_id *uid, PKT_signature *selfsig, int verbose)
tty_printf ("[%d]", prefs[i].value);
if (prefs[i].value == CIPHER_ALGO_3DES )
des_seen = 1;
}
}
}
if (!des_seen) {
if (any)
@ -2469,7 +2469,7 @@ show_prefs (PKT_user_id *uid, PKT_signature *selfsig, int verbose)
for(i=any=0; prefs[i].type; i++ ) {
if( prefs[i].type == PREFTYPE_ZIP ) {
const char *s=compress_algo_to_string(prefs[i].value);
if (any)
tty_printf (", ");
any = 1;
@ -2614,15 +2614,15 @@ show_key_with_all_names_colon (KBNODE keyblock)
if ( (pk->pubkey_usage & PUBKEY_USAGE_AUTH) )
putchar ('a');
putchar('\n');
print_fingerprint (pk, NULL, 0);
print_revokers(pk);
}
}
/* the user ids */
i = 0;
for (node = keyblock; node; node = node->next)
for (node = keyblock; node; node = node->next)
{
if ( node->pkt->pkttype == PKT_USER_ID )
{
@ -2666,7 +2666,7 @@ show_key_with_all_names_colon (KBNODE keyblock)
if (pk_version>3 || uid->selfsigversion>3)
{
const prefitem_t *prefs = uid->prefs;
for (j=0; prefs && prefs[j].type; j++)
{
if (j)
@ -2675,12 +2675,12 @@ show_key_with_all_names_colon (KBNODE keyblock)
prefs[j].type == PREFTYPE_HASH ? 'H' :
prefs[j].type == PREFTYPE_ZIP ? 'Z':'?',
prefs[j].value);
}
}
if (uid->flags.mdc)
printf (",mdc");
if (!uid->flags.ks_modify)
printf (",no-ks-modify");
}
}
putchar (':');
/* flags */
printf ("%d,", i);
@ -2769,7 +2769,6 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
KBNODE node;
int i;
int do_warn = 0;
byte pk_version=0;
PKT_public_key *primary=NULL;
if (opt.with_colons)
@ -2801,7 +2800,6 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
do_warn = 1;
}
pk_version=pk->version;
primary=pk;
}
@ -2880,7 +2878,7 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
tty_printf(_("trust: %s"), otrust);
tty_printf("%*s",width,"");
}
tty_printf(_("validity: %s"), trust );
tty_printf("\n");
}
@ -2916,7 +2914,7 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
if (sk->is_protected && sk->protect.s2k.mode == 1002)
{
tty_printf(" ");
tty_printf(_("card-no: "));
tty_printf(_("card-no: "));
if (sk->protect.ivlen == 16
&& !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6))
{ /* This is an OpenPGP card. */
@ -2942,7 +2940,7 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
if (do_warn)
tty_printf (_("Please note that the shown key validity"
" is not necessarily correct\n"
"unless you restart the program.\n"));
"unless you restart the program.\n"));
}
@ -2962,7 +2960,7 @@ show_basic_key_info ( KBNODE keyblock )
if (node->pkt->pkttype == PKT_PUBLIC_KEY)
{
PKT_public_key *pk = node->pkt->pkt.public_key;
/* Note, we use the same format string as in other show
functions to make the translation job easier. */
tty_printf ("%s %4u%c/%s ",
@ -3001,7 +2999,7 @@ show_basic_key_info ( KBNODE keyblock )
{
PKT_user_id *uid = node->pkt->pkt.user_id;
++i;
tty_printf (" ");
if (uid->is_revoked)
tty_printf("[%s] ",_("revoked"));
@ -3938,7 +3936,7 @@ change_primary_uid_cb ( PKT_signature *sig, void *opaque )
delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PRIMARY_UID);
/* if opaque is set,we want to set the primary id */
if (opaque) {
if (opaque) {
buf[0] = 1;
build_sig_subpkt (sig, SIGSUBPKT_PRIMARY_UID, buf, 1 );
}
@ -4071,7 +4069,7 @@ menu_set_primary_uid ( KBNODE pub_keyblock, KBNODE sec_keyblock )
}
/*
/*
* Set preferences to new values for the selected user IDs
*/
static int
@ -4122,7 +4120,7 @@ menu_set_preferences (KBNODE pub_keyblock, KBNODE sec_keyblock )
xfree(user);
}
else {
/* This is a selfsignature which is to be replaced
/* This is a selfsignature which is to be replaced
* We have to ignore v3 signatures because they are
* not able to carry the preferences */
PKT_signature *newsig;
@ -4152,7 +4150,7 @@ menu_set_preferences (KBNODE pub_keyblock, KBNODE sec_keyblock )
}
}
}
free_secret_key( sk );
return modified;
}
@ -4524,10 +4522,10 @@ menu_select_uid (KBNODE keyblock, int idx)
{
KBNODE node;
int i;
if (idx == -1) /* Select all. */
{
for (node = keyblock; node; node = node->next)
{
for (node = keyblock; node; node = node->next)
if (node->pkt->pkttype == PKT_USER_ID)
node->flag |= NODFLG_SELUID;
return 1;
@ -4566,7 +4564,7 @@ menu_select_uid (KBNODE keyblock, int idx)
if (node->pkt->pkttype == PKT_USER_ID)
node->flag &= ~NODFLG_SELUID;
}
return 1;
}
@ -4646,7 +4644,7 @@ menu_select_key (KBNODE keyblock, int idx)
{
if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY
|| node->pkt->pkttype == PKT_SECRET_SUBKEY )
if (++i == idx)
if (++i == idx)
{
if ((node->flag & NODFLG_SELKEY))
node->flag &= ~NODFLG_SELKEY;
@ -4818,7 +4816,7 @@ menu_revsig( KBNODE keyblock )
/* First check whether we have any signatures at all. */
any = 0;
for (node = keyblock; node; node = node->next )
for (node = keyblock; node; node = node->next )
{
node->flag &= ~(NODFLG_SELSIG | NODFLG_MARK_A);
if (node->pkt->pkttype == PKT_USER_ID) {
@ -4844,7 +4842,7 @@ menu_revsig( KBNODE keyblock )
tty_printf (_("Not signed by you.\n"));
return 0;
}
/* FIXME: detect duplicates here */
tty_printf(_("You have signed these user IDs on key %s:\n"),


@ -60,7 +60,7 @@ signature_check (PKT_signature *sig, gcry_md_hd_t digest)
}
int
signature_check2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate,
signature_check2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate,
int *r_expired, int *r_revoked, PKT_public_key *ret_pk )
{
PKT_public_key *pk = xmalloc_clear( sizeof *pk );
@ -130,8 +130,8 @@ signature_check2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate,
* and the timestamp, but the drawback of this is, that it is
* not possible to sign more than one identical document within
* one second. Some remote batch processing applications might
* like this feature here.
*
* like this feature here.
*
* Note that before 2.0.10, we used RIPE-MD160 for the hash
* and accidently didn't include the timestamp and algorithm
* information in the hash. Given that this feature is not
@ -265,7 +265,6 @@ do_check( PKT_public_key *pk, PKT_signature *sig, gcry_md_hd_t digest,
{
gcry_mpi_t result = NULL;
int rc = 0;
struct cmp_help_context_s ctx;
if( (rc=do_check_messages(pk,sig,r_expired,r_revoked)) )
return rc;
@ -318,8 +317,6 @@ do_check( PKT_public_key *pk, PKT_signature *sig, gcry_md_hd_t digest,
result = encode_md_value( pk, NULL, digest, sig->digest_algo );
if (!result)
return G10ERR_GENERAL;
ctx.sig = sig;
ctx.md = digest;
rc = pk_verify( pk->pubkey_algo, result, sig->data, pk->pkey );
gcry_mpi_release (result);
@ -434,13 +431,13 @@ check_revocation_keys(PKT_public_key *pk,PKT_signature *sig)
for(i=0;i<pk->numrevkeys;i++)
{
u32 keyid[2];
keyid_from_fingerprint(pk->revkey[i].fpr,MAX_FINGERPRINT_LEN,keyid);
if(keyid[0]==sig->keyid[0] && keyid[1]==sig->keyid[1])
{
gcry_md_hd_t md;
if (gcry_md_open (&md, sig->digest_algo, 0))
BUG ();
hash_public_key(md,pk);
@ -454,7 +451,7 @@ check_revocation_keys(PKT_public_key *pk,PKT_signature *sig)
busy=0;
return rc;
}
}
/* Backsigs (0x19) have the same format as binding sigs (0x18), but
this function is simpler than check_key_signature in a few ways.
@ -539,8 +536,8 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
cache refresh detects and clears these cases. */
if ( !opt.no_sig_cache ) {
if (sig->flags.checked) { /*cached status available*/
if( is_selfsig ) {
u32 keyid[2];
if( is_selfsig ) {
u32 keyid[2];
keyid_from_pk( pk, keyid );
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
@ -560,7 +557,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
return rc;
if( sig->sig_class == 0x20 ) { /* key revocation */
u32 keyid[2];
u32 keyid[2];
keyid_from_pk( pk, keyid );
/* is it a designated revoker? */
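Review bot: In `check_revocation_keys`, `if (gcry_md_open (&md, sig->digest_algo, 0)) BUG ();` aborts the process when the digest context cannot be opened, and the algorithm identifier is a field of the signature being checked. Whether `sig->digest_algo` has been validated before this point is not visible in the hunk; if it has not, a signature naming an unavailable digest would terminate the program instead of failing verification. Returning an error is the more robust form, e.g. `{ busy = 0; return G10ERR_GENERAL; }` in place of `BUG ();`, assuming `busy` is the guard that the function resets before its final `return rc;`. The function starts and ends outside the hunks shown.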


@ -1,3 +1,8 @@
2011-08-04 Werner Koch <wk@g10code.com>
* keybox-openpgp.c (parse_key): Remove set but unused vars
EXPIREDATE and NDAYS.
2010-07-23 Werner Koch <wk@g10code.com>
* keybox-blob.c (_keybox_create_x509_blob): Fix reallocation bug.
@ -40,7 +45,7 @@
* keybox-init.c (keybox_new, keybox_release): Track used handles.
(_keybox_close_file): New.
* keybox-update.c (keybox_insert_cert, keybox_set_flags)
* keybox-update.c (keybox_insert_cert, keybox_set_flags)
(keybox_delete, keybox_compress): Use the new close function.
2008-03-13 Werner Koch <wk@g10code.com>
@ -123,7 +128,7 @@
2005-06-15 Werner Koch <wk@g10code.com>
* keybox-file.c (_keybox_read_blob2): Make IMAGE unsigned.
(_keybox_write_blob):
(_keybox_write_blob):
* keybox-blob.c (create_blob_finish, _keybox_create_x509_blob):
Fixed warnings about signed/unsigned pointer mismatches.
@ -180,7 +185,7 @@
* keybox-blob.c (_keybox_update_header_blob): New.
* keybox-update.c (blob_filecopy): Handle header blob.
* keybox-file.c (_keybox_read_blob2): New. Moved code from
_keybox_read_blob to there.
_keybox_read_blob to there.
* keybox-dump.c (dump_header_blob): Print header info.
2004-04-21 Werner Koch <wk@gnupg.org>
@ -189,11 +194,11 @@
KEYBOX_FLAG_CREATED_AT.
* keybox-update.c (keybox_compress): New.
* keybox-search.c (get32, get16, blob_get_type)
(blob_get_blob_flags, has_short_kid, has_long_kid)
(has_fingerprint, has_issuer, has_issuer_sn, has_sn, has_subject)
* keybox-search.c (get32, get16, blob_get_type)
(blob_get_blob_flags, has_short_kid, has_long_kid)
(has_fingerprint, has_issuer, has_issuer_sn, has_sn, has_subject)
(has_subject_or_alt, has_mail): inline them.
* keybox-update.c (blob_filecopy): Fixed an error/eof check
(s/if(fread)/if(nread)/).
@ -217,17 +222,17 @@
* keybox-blob.c: Include time.h
2003-06-03 Werner Koch <wk@gnupg.org>
Changed all error codes in all files to the new libgpg-error scheme.
* keybox-defs.h: Include gpg-error.h .
(KeyboxError): Removed.
(KeyboxError): Removed.
* Makefile.am: Removed keybox-error.c stuff.
2002-11-14 Werner Koch <wk@gnupg.org>
* keybox-search.c (blob_cmp_name) <compare all names>: Fixed
length compare; there is no 0 stored since nearly a year.
length compare; there is no 0 stored since nearly a year.
2002-10-31 Neal H. Walfield <neal@g10code.de>


@ -72,8 +72,8 @@ enum packet_types
follwing data on success:
R_DATAPKT = Pointer to the begin of the packet data.
R_DATALEN = Length of this data. This has already been checked to fit
into the buffer.
R_DATALEN = Length of this data. This has already been checked to fit
into the buffer.
R_PKTTYPE = The packet type.
R_NTOTAL = The total number of bytes of this packet
@ -91,11 +91,11 @@ next_packet (unsigned char const **bufptr, size_t *buflen,
if (!len)
return gpg_error (GPG_ERR_NO_DATA);
ctb = *buf++; len--;
if ( !(ctb & 0x80) )
return gpg_error (GPG_ERR_INV_PACKET); /* Invalid CTB. */
pktlen = 0;
if ((ctb & 0x40)) /* New style (OpenPGP) CTB. */
{
@ -108,7 +108,7 @@ next_packet (unsigned char const **bufptr, size_t *buflen,
if ( c < 192 )
pktlen = c;
else if ( c < 224 )
{
{
pktlen = (c - 192) * 256;
if (!len)
return gpg_error (GPG_ERR_INV_PACKET); /* No 2nd length byte. */
@ -150,7 +150,7 @@ next_packet (unsigned char const **bufptr, size_t *buflen,
switch (pkttype)
{
case PKT_SIGNATURE:
case PKT_SECRET_KEY:
case PKT_SECRET_KEY:
case PKT_PUBLIC_KEY:
case PKT_SECRET_SUBKEY:
case PKT_MARKER:
@ -166,9 +166,9 @@ next_packet (unsigned char const **bufptr, size_t *buflen,
return gpg_error (GPG_ERR_UNEXPECTED);
}
if (pktlen == 0xffffffff)
if (pktlen == 0xffffffff)
return gpg_error (GPG_ERR_INV_PACKET);
if (pktlen > len)
return gpg_error (GPG_ERR_INV_PACKET); /* Packet length header too long. */
@ -195,7 +195,7 @@ parse_key (const unsigned char *data, size_t datalen,
const unsigned char *data_start = data;
int i, version, algorithm;
size_t n;
unsigned long timestamp, expiredate;
/*unsigned long timestamp;*/
int npkey;
unsigned char hashbuffer[768];
const unsigned char *mpi_n = NULL;
@ -207,23 +207,16 @@ parse_key (const unsigned char *data, size_t datalen,
version = *data++; datalen--;
if (version < 2 || version > 4 )
return gpg_error (GPG_ERR_INV_PACKET); /* Invalid version. */
timestamp = ((data[0]<<24)|(data[1]<<16)|(data[2]<<8)|(data[3]));
/*timestamp = ((data[0]<<24)|(data[1]<<16)|(data[2]<<8)|(data[3]));*/
data +=4; datalen -=4;
if (version < 4)
{
unsigned short ndays;
if (datalen < 2)
return gpg_error (GPG_ERR_INV_PACKET);
ndays = ((data[0]<<8)|(data[1]));
data +=2; datalen -= 2;
if (ndays)
expiredate = ndays? (timestamp + ndays * 86400L) : 0;
data += 2; datalen -= 2;
}
else
expiredate = 0; /* This is stored in the self-signature. */
if (!datalen)
return gpg_error (GPG_ERR_INV_PACKET);
@ -234,7 +227,7 @@ parse_key (const unsigned char *data, size_t datalen,
case 1:
case 2:
case 3: /* RSA */
npkey = 2;
npkey = 2;
break;
case 16:
case 20: /* Elgamal */
@ -250,7 +243,7 @@ parse_key (const unsigned char *data, size_t datalen,
for (i=0; i < npkey; i++ )
{
unsigned int nbits, nbytes;
if (datalen < 2)
return gpg_error (GPG_ERR_INV_PACKET);
nbits = ((data[0]<<8)|(data[1]));
@ -260,14 +253,14 @@ parse_key (const unsigned char *data, size_t datalen,
return gpg_error (GPG_ERR_INV_PACKET);
/* For use by v3 fingerprint calculation we need to know the RSA
modulus and exponent. */
if (i==0)
if (i==0)
{
mpi_n = data;
mpi_n = data;
mpi_n_len = nbytes;
}
else if (i==1)
mpi_e_len = nbytes;
data += nbytes; datalen -= nbytes;
}
n = data - data_start;
@ -287,12 +280,12 @@ parse_key (const unsigned char *data, size_t datalen,
memcpy (ki->fpr, gcry_md_read (md, 0), 16);
gcry_md_close (md);
ki->fprlen = 16;
if (mpi_n_len < 8)
{
/* Moduli less than 64 bit are out of the specs scope. Zero
them out becuase this is what gpg does too. */
memset (ki->keyid, 0, 8);
memset (ki->keyid, 0, 8);
}
else
memcpy (ki->keyid, mpi_n + mpi_n_len - 8, 8);
@ -353,7 +346,7 @@ _keybox_parse_openpgp (const unsigned char *image, size_t imagelen,
int first = 1;
struct _keybox_openpgp_key_info *k, **ktail = NULL;
struct _keybox_openpgp_uid_info *u, **utail = NULL;
memset (info, 0, sizeof *info);
if (nparsed)
*nparsed = 0;
@ -380,7 +373,7 @@ _keybox_parse_openpgp (const unsigned char *image, size_t imagelen,
}
else if (pkttype == PKT_PUBLIC_KEY || pkttype == PKT_SECRET_KEY)
break; /* Next keyblock encountered - ready. */
if (nparsed)
*nparsed += n;
@ -418,7 +411,7 @@ _keybox_parse_openpgp (const unsigned char *image, size_t imagelen,
if (err)
break;
}
else if( pkttype == PKT_PUBLIC_SUBKEY && datalen && *data == '#' )
else if( pkttype == PKT_PUBLIC_SUBKEY && datalen && *data == '#' )
{
/* Early versions of GnuPG used old PGP comment packets;
* luckily all those comments are prefixed by a hash
@ -482,7 +475,7 @@ _keybox_parse_openpgp (const unsigned char *image, size_t imagelen,
if (pkttype == PKT_PUBLIC_KEY || pkttype == PKT_SECRET_KEY)
break; /* Next keyblock encountered - ready. */
if (nparsed)
*nparsed += n;
}
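Review bot: In the parse_key hunks the timestamp declaration and assignment are left behind as commented-out code (`/*unsigned long timestamp;*/`, `/*timestamp = ...;*/`), so `data +=4; datalen -=4;` and the pre-v4 `data += 2; datalen -= 2;` now skip packet fields with no live statement saying which ones. I would delete the two commented-out lines and put a short comment on each skip, e.g. `/* Skip the 4 byte creation timestamp. */` and `/* Skip the 2 byte number of valid days (version < 4). */`. The 2-byte skip is guarded by `if (datalen < 2)`, but no length check covering the 4-byte skip is visible in this hunk. It presumably sits just above the hunk; that is worth confirming, because `datalen` is a `size_t` and the subtraction would wrap on a short packet. parse_key starts and ends outside the hunks shown.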


@ -1,9 +1,15 @@
2011-08-04 Werner Koch <wk@g10code.com>
* pcsc-wrapper.c (handle_open): Remove unused var LISTLEN.
* scdaemon.c (main): Remove var MAY_COREDUMP.
2011-01-25 NIIBE Yutaka <gniibe@fsij.org>,
Grant Olson <kgo@grant-olson.net> (wk)
* command.c (do_reset, get_reader_slot)
(update_reader_status_file): Fix handling of the VALID flag for
unplugged readers.
unplugged readers.
2010-03-17 Werner Koch <wk@g10code.com>
@ -123,7 +129,7 @@
* app-openpgp.c (change_keyattr): New.
(do_writekey): Call it.
* app-openpgp.c (does_key_exist): Add arg GENERATING. Change
callers.
@ -226,7 +232,7 @@
* app-nks.c (do_decipher): Make it work for TCOS 3.
* iso7816.c (iso7816_decipher): Add arg EXTENDED_MODE.
* apdu.c (apdu_send): Add arg EXTENDED_MODE and change all callers.
(apdu_send_le): Ditto.
(apdu_send_le): Ditto.
(apdu_send_direct): Ditto, but not yet functional.
(send_le): Fix command chaining. Implement extended length option.
* ccid-driver.c (ccid_transceive): Remove restriction on apdu length.
@ -310,7 +316,7 @@
(aid_nks): .. new.
(aid_sigg): New.
(switch_application): New.
(do_getattr, do_learn_status, do_readcert, do_sign, do_decipher)
(do_getattr, do_learn_status, do_readcert, do_sign, do_decipher)
(do_change_pin, do_check_pin): Make sure we are in NKS mode.
2009-03-03 Werner Koch <wk@g10code.com>
@ -342,22 +348,22 @@
* ccid-driver.c (ccid_get_atr): Move debug output to ..
(print_r2p_parameters): .. new.
(print_r2p_header, print_pr_data, print_r2p_unknown)
(print_r2p_datablock, print_r2p_slotstatus, print_r2p_escape)
(print_r2p_datablock, print_r2p_slotstatus, print_r2p_escape)
(print_r2p_datarate): New.
(bulk_in): Call parameter printing.
(ccid_set_debug_level): Add debug level 3.
(convert_le_u16): New.
(print_p2r_header, print_p2r_iccpoweron, print_p2r_iccpoweroff)
(print_p2r_getslotstatus, print_p2r_xfrblock)
(print_p2r_getparameters, print_p2r_resetparameters)
(print_p2r_setparameters, print_p2r_escape, print_p2r_iccclock)
(print_p2r_to0apdu, print_p2r_secure, print_p2r_mechanical)
(print_p2r_header, print_p2r_iccpoweron, print_p2r_iccpoweroff)
(print_p2r_getslotstatus, print_p2r_xfrblock)
(print_p2r_getparameters, print_p2r_resetparameters)
(print_p2r_setparameters, print_p2r_escape, print_p2r_iccclock)
(print_p2r_to0apdu, print_p2r_secure, print_p2r_mechanical)
(print_p2r_abort, print_p2r_setdatarate, print_r2p_unknown): New.
(bulk_out): Add arg NO_DEBUG and change all callers to pass 0.
Call parameter printing.
(ccid_slot_status): Call with NO_DEBUG set.
(abort_cmd, send_escape_cmd, ccid_get_atr, ccid_get_atr)
(ccid_transceive_apdu_level, ccid_transceive)
(abort_cmd, send_escape_cmd, ccid_get_atr, ccid_get_atr)
(ccid_transceive_apdu_level, ccid_transceive)
(ccid_transceive_secure): Remove old debug print code.
2009-02-12 Werner Koch <wk@g10code.com>
@ -408,7 +414,7 @@
2008-12-18 Werner Koch <wk@g10code.com>
* ccid-driver.c (abort_cmd): New.
* ccid-driver.c (abort_cmd): New.
(bulk_in): Call abort_cmd after severe errors.
* apdu.c (reader_table_s): Add field ANY_STATUS.
@ -455,7 +461,7 @@
(update_reader_status_file): Disconnect if allowed.
* app-common.h (app_ctx_s): Remove INITIALIZED. Make REF_COUNT
unsigned.
unsigned.
* app.c (select_application): Remove INITIALIZED.
(app_write_learn_status, app_readcert, app_readkey, app_getattr)
(app_setattr, app_sign, app_decipher, app_writecert)
@ -472,7 +478,7 @@
* app.c (app_get_serial_and_stamp): Use bin2hex.
* app-help.c (app_help_get_keygrip_string): Ditto.
* app-p15.c (send_certinfo, send_keypairinfo, do_getattr): Ditto.
* app-openpgp.c (send_fpr_if_not_null, send_key_data)
* app-openpgp.c (send_fpr_if_not_null, send_key_data)
(retrieve_fpr_from_card, send_keypair_info): Ditto.
* app-nks.c (keygripstr_from_pk_file): Ditto.
* command.c (cmd_apdu): Ditto.
@ -579,7 +585,7 @@
(do_change_pin): Do not change CHV2. Add reset code logic for v2
cards.
* iso7816.c (iso7816_reset_retry_counter_with_rc): New.
* app-openpgp.c (add_tlv, build_privkey_template): New.
(do_writekey): Support v2 keys and other key lengths than 1024.
* iso7816.c (iso7816_put_data_odd): New.
@ -697,7 +703,7 @@
* scdaemon.c (main): Pass STANDARD_SOCKET flag to
create_server_socket.
2007-11-13 Werner Koch <wk@g10code.com>
* scdaemon.c (start_connection_thread): Do not call
@ -938,7 +944,7 @@
2006-09-06 Werner Koch <wk@g10code.com>
* apdu.c (pcsc_end_transaction):
* apdu.c (pcsc_end_transaction):
* pcsc-wrapper.c (pcsc_end_transaction: Fixed dclaration.
Reported by Bob Dunlop.
@ -947,7 +953,7 @@
Replaced all Assuan error codes by libgpg-error codes. Removed
all map_to_assuan_status and map_assuan_err.
* scdaemon.c (main): Call assuan_set_assuan_err_source to have Assuan
switch to gpg-error codes.
* command.c (set_error): Adjusted.
@ -1026,7 +1032,7 @@
2006-02-09 Werner Koch <wk@g10code.com>
* command.c (get_reader_slot, do_reset)
* command.c (get_reader_slot, do_reset)
(scd_update_reader_status_file): Rewrote.
* app.c (release_application): Factored code out to ..
@ -1091,12 +1097,12 @@
* iso7816.h (struct iso7816_pininfo_s): New.
* iso7816.c (map_sw): Support new code.
(iso7816_check_keypad): New.
(iso7816_verify_kp, iso7816_change_reference_data_kp)
(iso7816_verify_kp, iso7816_change_reference_data_kp)
(iso7816_reset_retry_counter_kp): New. Extended versions of the
original functions.
* apdu.c (host_sw_string): Support new code.
* apdu.c (host_sw_string): Support new code.
(reader_table_s): New field CHECK_KEYPAD.
(new_reader_slot, open_ct_reader, open_pcsc_reader)
(new_reader_slot, open_ct_reader, open_pcsc_reader)
(open_ccid_reader, open_rapdu_reader): Initialize it.
(check_ccid_keypad): New.
(apdu_check_keypad): New.
@ -1105,7 +1111,7 @@
of the orginal function to use this one with a NULL for the new
arg.
(apdu_send_simple_kp): New.
(ct_send_apdu, pcsc_send_apdu, my_rapdu_send_apdu)
(ct_send_apdu, pcsc_send_apdu, my_rapdu_send_apdu)
(send_apdu_ccid): New arg PININFO.
(send_apdu_ccid): Use the new arg.
@ -1161,7 +1167,7 @@
* iso7816.c (iso7816_read_binary): Use Le=0 when reading all
data. Handle 6C00 error and take 6B00 as indication for EOF.
* apdu.h (SW_EXACT_LENGTH_P): New.
* apdu.c (new_reader_slot, reset_pcsc_reader, pcsc_get_status)
* apdu.c (new_reader_slot, reset_pcsc_reader, pcsc_get_status)
(open_pcsc_reader): Set new reader state IS_T0.
(apdu_send_le): When doing T=0 make sure not to send Lc and Le.
Problem reported by Carl Meijer.
@ -1188,7 +1194,7 @@
2005-06-06 Werner Koch <wk@g10code.com>
* scdaemon.c (main): New option --debug-allow-core-dump.
* scdaemon.c (main): New option --debug-allow-core-dump.
2005-06-03 Werner Koch <wk@g10code.com>
@ -1334,9 +1340,9 @@
variant.
* app-openpgp.c (get_one_do, dump_all_do): Ditto.
Removal of the old OpenSC based code.
* app-p15.c: New. Basic support for pkcs15 cards without OpenSC.
There are quite a couple of things missing but at least I can use
my old TCOS cards from the Aegypten-1 development for signing.
@ -1344,7 +1350,7 @@
* Makefile.am (scdaemon_SOURCES): Removed card.c, card-common.h
and card-p15.c because they are now obsolete. Added app-p15.c.
Removed all OpenSC stuff.
* command.c (do_reset, open_card, cmd_serialno, cmd_learn)
* command.c (do_reset, open_card, cmd_serialno, cmd_learn)
(cmd_readcert, cmd_readkey, cmd_pksign, cmd_pkdecrypt): Removed
all special cases for the old card.c based mechanisms.
* scdaemon.c, apdu.c: Removed all special cases for OpenSC.
@ -1365,7 +1371,7 @@
2005-04-12 Werner Koch <wk@g10code.com>
Basic support for several sessions.
* command.c (scd_command_handler): Replace the primary_connection
stuff by a real connection list. Release the local context on
exit.
@ -1373,7 +1379,7 @@
to all connections who registered an event signal.
(cmd_lock, cmd_unlock, register_commands): New commands LOCK and
UNLOCK.
(cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt, cmd_setattr)
(cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt, cmd_setattr)
(cmd_genkey, cmd_passwd, cmd_checkpin): Return an error if reader
is locked.
(do_reset): Handle locking.
@ -1443,7 +1449,7 @@
* apdu.c: Added some PCSC error codes.
(pcsc_error_to_sw): New.
(reset_pcsc_reader, pcsc_get_status, pcsc_send_apdu)
(reset_pcsc_reader, pcsc_get_status, pcsc_send_apdu)
(open_pcsc_reader): Do proper error code mapping.
2005-03-16 Werner Koch <wk@g10code.com>
@ -1524,7 +1530,7 @@
* apdu.c [W32]: Disable use of pcsc_wrapper.
* Makefile.am (scdaemon_LDADD): Reorder libs.
(sc_copykeys_LDADD): Add libassuan because it is needed for W32.
(sc_copykeys_LDADD): Add libassuan because it is needed for W32.
2004-12-06 Werner Koch <wk@g10code.com>
@ -1541,17 +1547,17 @@
This avoids problems with missing vasprintf implementations in
gnupg 1.4.
* app-common.h (app_openpgp_storekey: Add prototype.
* app-common.h (app_openpgp_storekey: Add prototype.
2004-10-20 Werner Koch <wk@g10code.com>
* sc-investigate: Removed.
* Makefile.am (sc_investigate): Removed.
* pcsc-wrapper.c (load_pcsc_driver): Load get_status_change func.
(handle_open): Succeed even without a present card.
(handle_status, handle_reset): New.
* apdu.c (apdu_open_reader): Load pcsc_get_status_change fucntion.
(pcsc_get_status): Implemented.
(reset_pcsc_reader): Implemented.
@ -1566,7 +1572,7 @@
2004-10-14 Werner Koch <wk@g10code.com>
* app-openpgp.c (parse_login_data): New.
* app-openpgp.c (parse_login_data): New.
(app_select_openpgp): Call it.
(do_setattr): Reparse it after change.
@ -1593,7 +1599,7 @@
* app-openpgp.c: Made all strings translatable.
(verify_chv3) [GNUPG_MAJOR_VERSION]: Make opt.allow_admin
available for use in gnupg 2.
available for use in gnupg 2.
(verify_chv3): Reimplemented countdown showing to use only
functions from this module. Flush the CVH status cache on a
successful read.
@ -1604,7 +1610,7 @@
(get_cached_data): Move local data initialization to ..
(app_select_openpgp): .. here. Read some flags for later use.
(do_getattr): New read-only attribute EXTCAP.
* apdu.c (open_pcsc_reader): Do not print empty reader string.
* ccid-driver.c (do_close_reader): Factored some code out from ...
@ -1689,21 +1695,21 @@
* Makefile.am: Make OpenSC lib link after libgcrypt. Do not link
to pth.
* apdu.c: Don't use Pth if we use OpenSC.
* sc-investigate.c, scdaemon.c: Disable use of pth if OpenSC is used.
* sc-investigate.c, scdaemon.c: Disable use of pth if OpenSC is used.
* scdaemon.c (main): Bumbed thread stack size up to 512k.
2004-07-16 Werner Koch <wk@gnupg.org>
* apdu.c (reader_table_s): Add function pointers for the backends.
(apdu_close_reader, apdu_get_status, apdu_activate)
(apdu_close_reader, apdu_get_status, apdu_activate)
(send_apdu): Make use of them.
(new_reader_slot): Intialize them to NULL.
(dump_ccid_reader_status, ct_dump_reader_status): New.
(dump_pcsc_reader_status): New.
(open_ct_reader, open_pcsc_reader, open_ccid_reader)
(open_ct_reader, open_pcsc_reader, open_ccid_reader)
(open_osc_reader, open_rapdu_reader): Intialize function pointers.
(ct_activate_card, ct_send_apdu, pcsc_send_apdu, osc_send_apdu)
(ct_activate_card, ct_send_apdu, pcsc_send_apdu, osc_send_apdu)
(error_string): Removed. Replaced by apdu_strerror.
(get_ccid_error_string): Removed.
(ct_activate_card): Remove the unused loop.
@ -1834,7 +1840,7 @@
* apdu.h: New pseudo stati SW_HOST_NOT_SUPPORTED,
SW_HOST_LOCKING_FAILED and SW_HOST_BUSY.
* iso7816.c (map_sw): Map it.
* ccid-driver.c (ccid_slot_status): Add arg STATUSBITS.
* apdu.c (apdu_get_status): New.
(ct_get_status, pcsc_get_status, ocsc_get_status): New stubs.
@ -1843,7 +1849,7 @@
(reset_ct_reader, reset_pcsc_reader, reset_osc_reader): New stubs.
(reset_ccid_reader): New.
(apdu_enum_reader): New.
* apdu.c (lock_slot, trylock_slot, unlock_slot): New helpers.
(new_reader_slot) [USE_GNU_PTH]: Init mutex.
(apdu_reset, apdu_get_status, apdu_send_le): Run functions
@ -1936,7 +1942,7 @@
(cmd_serialno): Allow optional argument to select the desired
application.
* app-nks.c: New.
* app-nks.c: New.
* scdaemon.h (opt): Add READER_PORT.
* scdaemon.c (main): Set it here.
@ -2107,12 +2113,12 @@
* ccid-driver.c, ccid-driver.h: New but far from being useful.
* Makefile.am: Add above.
* apdu.c: Add support for that ccid driver.
2003-08-26 Timo Schulz <twoaday@freakmail.de>
* apdu.c (new_reader_slot): Only set 'is_osc' when OpenSC
is used.
2003-08-25 Werner Koch <wk@gnupg.org>
* command.c (cmd_setattr): Use a copy of LINE.
@ -2128,7 +2134,7 @@
2003-08-18 Werner Koch <wk@gnupg.org>
* Makefile.am: Add OPENSC_LIBS to all programs.
* Makefile.am: Add OPENSC_LIBS to all programs.
* scdaemon.c, scdaemon.h: New option --disable-opensc.
* card.c (card_open): Implement it.
@ -2168,7 +2174,7 @@
* scdaemon.c, scdaemon.h: New option --ctapi-driver.
* sc-investigate.c, sc-copykeys.c: Ditto.
2003-07-31 Werner Koch <wk@gnupg.org>
* Makefile.am (scdaemon_LDADD): Added INTLLIBS.
@ -2244,7 +2250,7 @@
* app-openpgp.c (get_sig_counter): New.
(do_sign): Print the signature counter and enable the PIN callback.
(do_genkey): Implement the PIN callback.
(do_genkey): Implement the PIN callback.
2003-07-01 Werner Koch <wk@gnupg.org>
@ -2315,7 +2321,7 @@
* apdu.c, apdu.h: New
* card.c, card-p15.c, card-dinsig.c: Allow build without OpenSC.
* Makefile.am (LDFLAGS): Removed.
* command.c (register_commands): Adjusted for new Assuan semantics.
@ -2348,7 +2354,7 @@
2002-07-30 Werner Koch <wk@gnupg.org>
Changes to cope with OpenSC 0.7.0:
* card.c: Removed the check for the packed opensc version.
Changed include file names of opensc.
(map_sc_err): Adjusted error codes for new opensc version.
@ -2356,7 +2362,7 @@
* card-dinsig.c: Ditto.
* card-p15.c (p15_decipher): Add flags argument to OpenSC call.
2002-07-24 Werner Koch <wk@gnupg.org>
* card.c (find_simple_tlv, find_iccsn): New.
@ -2402,7 +2408,7 @@
* scdaemon.c scdaemon.h, command.c: New. Based on the code from
the gpg-agent.
Copyright 2002, 2003, 2004, 2005, 2007, 2008 Free Software Foundation, Inc.
This file is free software; as a special exception the author gives


@ -344,7 +344,7 @@ new_reader_slot (void)
reader_table[reader].dump_status_reader = NULL;
reader_table[reader].set_progress_cb = NULL;
reader_table[reader].used = 1;
reader_table[reader].used = 1;
reader_table[reader].any_status = 0;
reader_table[reader].last_status = 0;
reader_table[reader].is_t0 = 1;
@ -395,8 +395,8 @@ host_sw_string (long err)
case SW_HOST_GENERAL_ERROR: return "general error";
case SW_HOST_NO_READER: return "no reader";
case SW_HOST_ABORTED: return "aborted";
case SW_HOST_NO_KEYPAD: return "no keypad";
case SW_HOST_ALREADY_CONNECTED: return "already connected";
case SW_HOST_NO_KEYPAD: return "no keypad";
case SW_HOST_ALREADY_CONNECTED: return "already connected";
default: return "unknown host status error";
}
}
@ -772,7 +772,7 @@ pcsc_error_to_sw (long ec)
case PCSC_E_INVALID_TARGET:
case PCSC_E_INVALID_VALUE:
case PCSC_E_INVALID_HANDLE:
case PCSC_E_INVALID_HANDLE:
case PCSC_E_INVALID_PARAMETER:
case PCSC_E_INSUFFICIENT_BUFFER: rc = SW_HOST_INV_VALUE; break;
@ -986,7 +986,7 @@ pcsc_get_status (int slot, unsigned int *status)
#ifndef NEED_PCSC_WRAPPER
static int
pcsc_send_apdu_direct (int slot, unsigned char *apdu, size_t apdulen,
unsigned char *buffer, size_t *buflen,
unsigned char *buffer, size_t *buflen,
struct pininfo_s *pininfo)
{
long err;
@ -1022,7 +1022,7 @@ pcsc_send_apdu_direct (int slot, unsigned char *apdu, size_t apdulen,
#ifdef NEED_PCSC_WRAPPER
static int
pcsc_send_apdu_wrapped (int slot, unsigned char *apdu, size_t apdulen,
unsigned char *buffer, size_t *buflen,
unsigned char *buffer, size_t *buflen,
struct pininfo_s *pininfo)
{
long err;
@ -1141,7 +1141,7 @@ pcsc_send_apdu_wrapped (int slot, unsigned char *apdu, size_t apdulen,
BUFLEN. Returns: A status word. */
static int
pcsc_send_apdu (int slot, unsigned char *apdu, size_t apdulen,
unsigned char *buffer, size_t *buflen,
unsigned char *buffer, size_t *buflen,
struct pininfo_s *pininfo)
{
#ifdef NEED_PCSC_WRAPPER
@ -1270,7 +1270,7 @@ connect_pcsc_card (int slot)
if (err)
{
reader_table[slot].pcsc.card = 0;
if (err != PCSC_E_NO_SMARTCARD)
if (err != PCSC_E_NO_SMARTCARD)
log_error ("pcsc_connect failed: %s (0x%lx)\n",
pcsc_error_string (err), err);
}
@ -1320,7 +1320,7 @@ disconnect_pcsc_card (int slot)
assert (slot >= 0 && slot < MAX_READER);
if (!reader_table[slot].pcsc.card)
return 0;
return 0;
err = pcsc_disconnect (reader_table[slot].pcsc.card, PCSC_LEAVE_CARD);
if (err)
@ -1584,7 +1584,8 @@ open_pcsc_reader_wrapped (const char *portstr)
unsigned char msgbuf[9];
int err;
unsigned int dummy_status;
int sw = SW_HOST_CARD_IO_ERROR;
/*int sw = SW_HOST_CARD_IO_ERROR;*/
/* Note that we use the constant and not the fucntion because this
code won't be be used under Windows. */
const char *wrapperpgm = GNUPG_LIBEXECDIR "/gnupg-pcsc-wrapper";
@ -1728,7 +1729,7 @@ open_pcsc_reader_wrapped (const char *portstr)
if (err)
{
log_error ("PC/SC OPEN failed: %s\n", pcsc_error_string (err));
sw = pcsc_error_to_sw (err);
/*sw = pcsc_error_to_sw (err);*/
goto command_failed;
}
@ -2618,7 +2619,7 @@ apdu_connect (int slot)
}
else
sw = 0;
/* We need to call apdu_get_status_internal, so that the last-status
machinery gets setup properly even if a card is inserted while
scdaemon is fired up and apdu_get_status has not yet been called.
@ -2876,7 +2877,7 @@ send_apdu (int slot, unsigned char *apdu, size_t apdulen,
if (reader_table[slot].send_apdu_reader)
return reader_table[slot].send_apdu_reader (slot,
apdu, apdulen,
buffer, buflen,
buffer, buflen,
pininfo);
else
return SW_HOST_NOT_SUPPORTED;
@ -2904,7 +2905,7 @@ send_le (int slot, int class, int ins, int p0, int p1,
{
#define SHORT_RESULT_BUFFER_SIZE 258
/* We allocate 8 extra bytes as a safety margin towards a driver bug. */
unsigned char short_result_buffer[SHORT_RESULT_BUFFER_SIZE+10];
unsigned char short_result_buffer[SHORT_RESULT_BUFFER_SIZE+10];
unsigned char *result_buffer = NULL;
size_t result_buffer_size;
unsigned char *result;
@ -2942,16 +2943,16 @@ send_le (int slot, int class, int ins, int p0, int p1,
if (lc > 16384)
return SW_WRONG_LENGTH; /* Sanity check. */
if ((class&0xf0) != 0)
return SW_HOST_INV_VALUE; /* Upper 4 bits need to be 0. */
use_chaining = extended_mode == -1? 255 : -extended_mode;
return SW_HOST_INV_VALUE; /* Upper 4 bits need to be 0. */
use_chaining = extended_mode == -1? 255 : -extended_mode;
use_chaining &= 0xff;
}
else
else
return SW_HOST_INV_VALUE;
}
else if (lc == -1 && extended_mode > 0)
use_extended_length = 1;
if (le != -1 && (le > (extended_mode > 0? 255:256) || le < 0))
{
/* Expected Data does not fit into an APDU. What we do now
@ -2964,7 +2965,7 @@ send_le (int slot, int class, int ins, int p0, int p1,
; /* We are already using extended length. */
else if (extended_mode > 0)
use_extended_length = 1;
else
else
return SW_HOST_INV_VALUE;
}
@ -3035,8 +3036,8 @@ send_le (int slot, int class, int ins, int p0, int p1,
}
if (le != -1)
{
apdu[apdulen++] = ((le >> 8) & 0xff);
apdu[apdulen++] = (le & 0xff);
apdu[apdulen++] = ((le >> 8) & 0xff);
apdu[apdulen++] = (le & 0xff);
}
}
else
@ -3090,7 +3091,7 @@ send_le (int slot, int class, int ins, int p0, int p1,
return rc? rc : SW_HOST_INCOMPLETE_CARD_RESPONSE;
}
sw = (result[resultlen-2] << 8) | result[resultlen-1];
if (!use_extended_length
if (!use_extended_length
&& !did_exact_length_hack && SW_EXACT_LENGTH_P (sw))
{
apdu[apdulen-1] = (sw & 0x00ff);
@ -3106,7 +3107,7 @@ send_le (int slot, int class, int ins, int p0, int p1,
apdu_buffer = NULL;
apdu_buffer_size = 0;
}
/* Store away the returned data but strip the statusword. */
resultlen -= 2;
if (DBG_CARD_IO)
@ -3249,7 +3250,7 @@ send_le (int slot, int class, int ins, int p0, int p1,
that data will be put into *RETBUFLEN. The caller is reponsible
for releasing the buffer even in case of errors. */
int
apdu_send_le(int slot, int extended_mode,
apdu_send_le(int slot, int extended_mode,
int class, int ins, int p0, int p1,
int lc, const char *data, int le,
unsigned char **retbuf, size_t *retbuflen)
@ -3292,7 +3293,7 @@ apdu_send_simple (int slot, int extended_mode,
int class, int ins, int p0, int p1,
int lc, const char *data)
{
return send_le (slot, class, ins, p0, p1, lc, data, -1, NULL, NULL, NULL,
return send_le (slot, class, ins, p0, p1, lc, data, -1, NULL, NULL, NULL,
extended_mode);
}
@ -3300,7 +3301,7 @@ apdu_send_simple (int slot, int extended_mode,
/* Same as apdu_send_simple but uses the keypad of the reader. */
int
apdu_send_simple_kp (int slot, int class, int ins, int p0, int p1,
int lc, const char *data,
int lc, const char *data,
int pin_mode,
int pinlen_min, int pinlen_max, int pin_padlen)
{
@ -3332,7 +3333,7 @@ apdu_send_direct (int slot, size_t extended_length,
unsigned char **retbuf, size_t *retbuflen)
{
#define SHORT_RESULT_BUFFER_SIZE 258
unsigned char short_result_buffer[SHORT_RESULT_BUFFER_SIZE+10];
unsigned char short_result_buffer[SHORT_RESULT_BUFFER_SIZE+10];
unsigned char *result_buffer = NULL;
size_t result_buffer_size;
unsigned char *result;
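Review bot: In open_pcsc_reader_wrapped the `sw` declaration and the `sw = pcsc_error_to_sw (err);` assignment are commented out rather than removed, which leaves dead code in place just to silence the set-but-unused warning. After this change a failed PC/SC OPEN is reported only through the `log_error` line before `goto command_failed;`, and the mapped status word is never computed. If no caller needs that status, delete both commented-out lines. If one does, the value should be carried into the `command_failed` path instead, which lies outside the hunk and so cannot be checked here.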


@ -27,7 +27,7 @@
pcsc interface but to a higher level one which resembles the code
used in scdaemon (apdu.c) when not using Pth or while running under
Windows.
The interface is binary consisting of a command tag and the length
of the parameter list. The calling process needs to pass the
version number of the interface on the command line to make sure
@ -56,7 +56,7 @@
#define MYVERSION_LINE PGM " (GnuPG) " VERSION
#define BUGREPORT_LINE "\nReport bugs to <bug-gnupg@gnu.org>.\n"
#else
#define MYVERSION_LINE PGM
#define MYVERSION_LINE PGM
#define BUGREPORT_LINE ""
#endif
@ -67,14 +67,14 @@ static int verbose;
/* PC/SC constants and function pointer. */
#define PCSC_SCOPE_USER 0
#define PCSC_SCOPE_TERMINAL 1
#define PCSC_SCOPE_SYSTEM 2
#define PCSC_SCOPE_GLOBAL 3
#define PCSC_SCOPE_USER 0
#define PCSC_SCOPE_TERMINAL 1
#define PCSC_SCOPE_SYSTEM 2
#define PCSC_SCOPE_GLOBAL 3
#define PCSC_PROTOCOL_T0 1
#define PCSC_PROTOCOL_T1 2
#define PCSC_PROTOCOL_RAW 4
#define PCSC_PROTOCOL_T0 1
#define PCSC_PROTOCOL_T1 2
#define PCSC_PROTOCOL_RAW 4
#define PCSC_SHARE_EXCLUSIVE 1
#define PCSC_SHARE_SHARED 2
@ -85,7 +85,7 @@ static int verbose;
#define PCSC_UNPOWER_CARD 2
#define PCSC_EJECT_CARD 3
#define PCSC_UNKNOWN 0x0001
#define PCSC_UNKNOWN 0x0001
#define PCSC_ABSENT 0x0002 /* Card is absent. */
#define PCSC_PRESENT 0x0004 /* Card is present. */
#define PCSC_SWALLOWED 0x0008 /* Card is present and electrical connected. */
@ -106,7 +106,7 @@ static int verbose;
#define PCSC_STATE_MUTE 0x0200 /* Unresponsive card. */
struct pcsc_io_request_s {
unsigned long protocol;
unsigned long protocol;
unsigned long pci_len;
};
@ -235,7 +235,7 @@ request_succeeded (const void *buffer, size_t buflen)
fflush (stdout);
}
static unsigned long
@ -271,40 +271,40 @@ pcsc_error_string (long err)
{
case 0x0002: s = "cancelled"; break;
case 0x000e: s = "can't dispose"; break;
case 0x0008: s = "insufficient buffer"; break;
case 0x0008: s = "insufficient buffer"; break;
case 0x0015: s = "invalid ATR"; break;
case 0x0003: s = "invalid handle"; break;
case 0x0004: s = "invalid parameter"; break;
case 0x0004: s = "invalid parameter"; break;
case 0x0005: s = "invalid target"; break;
case 0x0011: s = "invalid value"; break;
case 0x0006: s = "no memory"; break;
case 0x0013: s = "comm error"; break;
case 0x0001: s = "internal error"; break;
case 0x0014: s = "unknown error"; break;
case 0x0007: s = "waited too long"; break;
case 0x0011: s = "invalid value"; break;
case 0x0006: s = "no memory"; break;
case 0x0013: s = "comm error"; break;
case 0x0001: s = "internal error"; break;
case 0x0014: s = "unknown error"; break;
case 0x0007: s = "waited too long"; break;
case 0x0009: s = "unknown reader"; break;
case 0x000a: s = "timeout"; break;
case 0x000b: s = "sharing violation"; break;
case 0x000a: s = "timeout"; break;
case 0x000b: s = "sharing violation"; break;
case 0x000c: s = "no smartcard"; break;
case 0x000d: s = "unknown card"; break;
case 0x000f: s = "proto mismatch"; break;
case 0x0010: s = "not ready"; break;
case 0x0012: s = "system cancelled"; break;
case 0x000d: s = "unknown card"; break;
case 0x000f: s = "proto mismatch"; break;
case 0x0010: s = "not ready"; break;
case 0x0012: s = "system cancelled"; break;
case 0x0016: s = "not transacted"; break;
case 0x0017: s = "reader unavailable"; break;
case 0x0065: s = "unsupported card"; break;
case 0x0066: s = "unresponsive card"; break;
case 0x0067: s = "unpowered card"; break;
case 0x0068: s = "reset card"; break;
case 0x0069: s = "removed card"; break;
case 0x006a: s = "inserted card"; break;
case 0x001f: s = "unsupported feature"; break;
case 0x0019: s = "PCI too small"; break;
case 0x001a: s = "reader unsupported"; break;
case 0x001b: s = "duplicate reader"; break;
case 0x001c: s = "card unsupported"; break;
case 0x001d: s = "no service"; break;
case 0x001e: s = "service stopped"; break;
case 0x0017: s = "reader unavailable"; break;
case 0x0065: s = "unsupported card"; break;
case 0x0066: s = "unresponsive card"; break;
case 0x0067: s = "unpowered card"; break;
case 0x0068: s = "reset card"; break;
case 0x0069: s = "removed card"; break;
case 0x006a: s = "inserted card"; break;
case 0x001f: s = "unsupported feature"; break;
case 0x0019: s = "PCI too small"; break;
case 0x001a: s = "reader unsupported"; break;
case 0x001b: s = "duplicate reader"; break;
case 0x001c: s = "card unsupported"; break;
case 0x001d: s = "no service"; break;
case 0x001e: s = "service stopped"; break;
default: s = "unknown PC/SC error code"; break;
}
return s;
@ -337,16 +337,16 @@ load_pcsc_driver (const char *libname)
pcsc_set_timeout = dlsym (handle, "SCardSetTimeout");
if (!pcsc_establish_context
|| !pcsc_release_context
|| !pcsc_list_readers
|| !pcsc_release_context
|| !pcsc_list_readers
|| !pcsc_get_status_change
|| !pcsc_connect
|| !pcsc_reconnect
|| !pcsc_connect
|| !pcsc_reconnect
|| !pcsc_disconnect
|| !pcsc_status
|| !pcsc_begin_transaction
|| !pcsc_end_transaction
|| !pcsc_transmit
|| !pcsc_transmit
/* || !pcsc_set_timeout */)
{
/* Note that set_timeout is currently not used and also not
@ -355,22 +355,22 @@ load_pcsc_driver (const char *libname)
"apdu_open_reader: invalid PC/SC driver "
"(%d%d%d%d%d%d%d%d%d%d%d%d)\n",
!!pcsc_establish_context,
!!pcsc_release_context,
!!pcsc_list_readers,
!!pcsc_get_status_change,
!!pcsc_connect,
!!pcsc_reconnect,
!!pcsc_release_context,
!!pcsc_list_readers,
!!pcsc_get_status_change,
!!pcsc_connect,
!!pcsc_reconnect,
!!pcsc_disconnect,
!!pcsc_status,
!!pcsc_begin_transaction,
!!pcsc_end_transaction,
!!pcsc_transmit,
!!pcsc_transmit,
!!pcsc_set_timeout );
dlclose (handle);
exit (1);
}
}
@ -384,7 +384,7 @@ handle_open (unsigned char *argbuf, size_t arglen)
long err;
const char * portstr;
char *list = NULL;
unsigned long nreader, listlen, atrlen;
unsigned long nreader, atrlen;
char *p;
unsigned long card_state, card_protocol;
unsigned char atr[33];
@ -409,7 +409,7 @@ handle_open (unsigned char *argbuf, size_t arglen)
request_failed (err);
return;
}
err = pcsc_list_readers (pcsc_context, NULL, NULL, &nreader);
if (!err)
{
@ -431,7 +431,6 @@ handle_open (unsigned char *argbuf, size_t arglen)
return;
}
listlen = nreader;
p = list;
while (nreader)
{
@ -477,8 +476,8 @@ handle_open (unsigned char *argbuf, size_t arglen)
pcsc_protocol = 0;
request_failed (err);
return;
}
}
current_atrlen = 0;
if (!err)
{
@ -658,9 +657,9 @@ handle_reset (unsigned char *argbuf, size_t arglen)
pcsc_card = 0;
request_failed (err);
return;
}
}
atrlen = 33;
nreader = sizeof reader - 1;
err = pcsc_status (pcsc_card,
@ -731,7 +730,7 @@ print_version (int with_help)
"This is free software, and you are welcome to redistribute it\n"
"under certain conditions. See the file COPYING for details.\n",
stdout);
if (with_help)
fputs ("\n"
"Usage: " PGM " [OPTIONS] API-NUMBER [LIBNAME]\n"
@ -741,7 +740,7 @@ print_version (int with_help)
" --version print version of the program and exit\n"
" --help display this help and exit\n"
BUGREPORT_LINE, stdout );
exit (0);
}
@ -752,7 +751,7 @@ main (int argc, char **argv)
int last_argc = -1;
int api_number = 0;
int c;
if (argc)
{
argc--; argv++;
@ -774,7 +773,7 @@ main (int argc, char **argv)
verbose = 1;
argc--; argv++;
}
}
}
if (argc != 1 && argc != 2)
{
fprintf (stderr, "usage: " PGM " API-NUMBER [LIBNAME]\n");
@ -795,7 +794,7 @@ main (int argc, char **argv)
{
size_t arglen;
unsigned char argbuffer[2048];
arglen = read_32 (stdin);
if (arglen >= sizeof argbuffer - 1)
{


@ -1,5 +1,5 @@
/* scdaemon.c - The GnuPG Smartcard Daemon
* Copyright (C) 2001, 2002, 2004, 2005,
* Copyright (C) 2001, 2002, 2004, 2005,
* 2007, 2008, 2009 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
@ -53,13 +53,13 @@
#include "mkdtemp.h"
#include "gc-opt-flags.h"
enum cmd_and_opt_values
enum cmd_and_opt_values
{ aNull = 0,
oCsh = 'c',
oQuiet = 'q',
oSh = 's',
oVerbose = 'v',
oNoVerbose = 500,
aGPGConfList,
aGPGConfTest,
@ -99,11 +99,11 @@ enum cmd_and_opt_values
static ARGPARSE_OPTS opts[] = {
ARGPARSE_c (aGPGConfList, "gpgconf-list", "@"),
ARGPARSE_c (aGPGConfTest, "gpgconf-test", "@"),
ARGPARSE_group (301, N_("@Options:\n ")),
ARGPARSE_s_n (oServer,"server", N_("run in server mode (foreground)")),
ARGPARSE_s_n (oMultiServer, "multi-server",
ARGPARSE_s_n (oMultiServer, "multi-server",
N_("run in multi server mode (foreground)")),
ARGPARSE_s_n (oDaemon, "daemon", N_("run in daemon mode (background)")),
ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
@ -122,11 +122,11 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oDebugLogTid, "debug-log-tid", "@"),
ARGPARSE_s_n (oNoDetach, "no-detach", N_("do not detach from the console")),
ARGPARSE_s_s (oLogFile, "log-file", N_("|FILE|write a log to FILE")),
ARGPARSE_s_s (oReaderPort, "reader-port",
ARGPARSE_s_s (oReaderPort, "reader-port",
N_("|N|connect to reader at port N")),
ARGPARSE_s_s (octapiDriver, "ctapi-driver",
ARGPARSE_s_s (octapiDriver, "ctapi-driver",
N_("|NAME|use NAME as ct-API driver")),
ARGPARSE_s_s (opcscDriver, "pcsc-driver",
ARGPARSE_s_s (opcscDriver, "pcsc-driver",
N_("|NAME|use NAME as PC/SC driver")),
ARGPARSE_s_n (oDisableCCID, "disable-ccid",
#ifdef HAVE_LIBUSB
@ -135,15 +135,15 @@ static ARGPARSE_OPTS opts[] = {
"@"
#endif
/* end --disable-ccid */),
ARGPARSE_s_u (oCardTimeout, "card-timeout",
ARGPARSE_s_u (oCardTimeout, "card-timeout",
N_("|N|disconnect the card after N seconds of inactivity")),
ARGPARSE_s_n (oDisableKeypad, "disable-keypad",
ARGPARSE_s_n (oDisableKeypad, "disable-keypad",
N_("do not use a reader's keypad")),
ARGPARSE_s_n (oAllowAdmin, "allow-admin", "@"),
ARGPARSE_s_n (oDenyAdmin, "deny-admin",
ARGPARSE_s_n (oDenyAdmin, "deny-admin",
N_("deny the use of admin card commands")),
ARGPARSE_s_s (oDisableApplication, "disable-application", "@"),
ARGPARSE_end ()
};
@ -218,7 +218,7 @@ make_libversion (const char *libname, const char *(*getfnc)(const char*))
{
const char *s;
char *result;
if (maybe_setuid)
{
gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
@ -261,7 +261,7 @@ my_strusage (int level)
case 41: p = _("Syntax: scdaemon [options] [command [args]]\n"
"Smartcard daemon for GnuPG\n");
break;
default: p = NULL;
}
return p;
@ -309,7 +309,7 @@ set_debug (const char *level)
/* Unless the "guru" string has been used we don't want to allow
hashing debugging. The rationale is that people tend to
select the highest debug value and would then clutter their
disk with debug files which may reveal confidential data. */
disk with debug files which may reveal confidential data. */
if (numok)
opt.debug &= ~(DBG_HASHING_VALUE);
}
@ -333,17 +333,17 @@ set_debug (const char *level)
if (opt.debug)
log_info ("enabled debug flags:%s%s%s%s%s%s%s%s%s\n",
(opt.debug & DBG_COMMAND_VALUE)? " command":"",
(opt.debug & DBG_MPI_VALUE )? " mpi":"",
(opt.debug & DBG_CRYPTO_VALUE )? " crypto":"",
(opt.debug & DBG_MEMORY_VALUE )? " memory":"",
(opt.debug & DBG_CACHE_VALUE )? " cache":"",
(opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"",
(opt.debug & DBG_HASHING_VALUE)? " hashing":"",
(opt.debug & DBG_COMMAND_VALUE)? " command":"",
(opt.debug & DBG_MPI_VALUE )? " mpi":"",
(opt.debug & DBG_CRYPTO_VALUE )? " crypto":"",
(opt.debug & DBG_MEMORY_VALUE )? " memory":"",
(opt.debug & DBG_CACHE_VALUE )? " cache":"",
(opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"",
(opt.debug & DBG_HASHING_VALUE)? " hashing":"",
(opt.debug & DBG_ASSUAN_VALUE )? " assuan":"",
(opt.debug & DBG_CARD_IO_VALUE)? " cardio":"");
}
static void
@ -373,7 +373,6 @@ main (int argc, char **argv )
ARGPARSE_ARGS pargs;
int orig_argc;
gpg_error_t err;
int may_coredump;
char **orig_argv;
FILE *configfp = NULL;
char *configname = NULL;
@ -395,13 +394,13 @@ main (int argc, char **argv )
int allow_coredump = 0;
int standard_socket = 0;
struct assuan_malloc_hooks malloc_hooks;
set_strusage (my_strusage);
gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
/* Please note that we may running SUID(ROOT), so be very CAREFUL
when adding any stuff between here and the call to INIT_SECMEM()
somewhere after the option parsing */
log_set_prefix ("scdaemon", 1|4);
log_set_prefix ("scdaemon", 1|4);
/* Make sure that our subsystems are ready. */
i18n_init ();
@ -440,11 +439,11 @@ main (int argc, char **argv )
setup_libgcrypt_logging ();
gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
may_coredump = disable_core_dumps ();
disable_core_dumps ();
/* Set default options. */
opt.allow_admin = 1;
opt.pcsc_driver = DEFAULT_PCSC_DRIVER;
opt.pcsc_driver = DEFAULT_PCSC_DRIVER;
#ifdef HAVE_W32_SYSTEM
standard_socket = 1; /* Under Windows we always use a standard
@ -455,7 +454,7 @@ main (int argc, char **argv )
shell = getenv ("SHELL");
if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") )
csh_style = 1;
opt.homedir = default_homedir ();
/* Check whether we have a config file on the commandline */
@ -484,15 +483,15 @@ main (int argc, char **argv )
gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
maybe_setuid = 0;
/*
Now we are working under our real uid
/*
Now we are working under our real uid
*/
if (default_config)
configname = make_filename (opt.homedir, "scdaemon.conf", NULL );
argc = orig_argc;
argv = orig_argv;
pargs.argc = &argc;
@ -517,7 +516,7 @@ main (int argc, char **argv )
configname, strerror(errno) );
exit(2);
}
xfree (configname);
xfree (configname);
configname = NULL;
}
if (parse_debug && configname )
@ -543,13 +542,13 @@ main (int argc, char **argv )
enable_core_dumps ();
allow_coredump = 1;
break;
case oDebugCCIDDriver:
case oDebugCCIDDriver:
#ifdef HAVE_LIBUSB
ccid_set_debug_level (ccid_set_debug_level (-1)+1);
#endif /*HAVE_LIBUSB*/
break;
case oDebugDisableTicker: ticker_disabled = 1; break;
case oDebugLogTid:
case oDebugLogTid:
log_set_get_tid_callback (tid_log_callback);
break;
@ -585,15 +584,15 @@ main (int argc, char **argv )
case oAllowAdmin: /* Dummy because allow is now the default. */
break;
case oDenyAdmin: opt.allow_admin = 0; break;
case oCardTimeout: opt.card_timeout = pargs.r.ret_ulong; break;
case oDisableApplication:
add_to_strlist (&opt.disabled_applications, pargs.r.ret_str);
add_to_strlist (&opt.disabled_applications, pargs.r.ret_str);
break;
default:
pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR;
default:
pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR;
break;
}
}
@ -623,7 +622,7 @@ main (int argc, char **argv )
log_info ("NOTE: this is a development version!\n");
#endif
if (atexit (cleanup))
{
log_error ("atexit failed\n");
@ -691,9 +690,9 @@ main (int argc, char **argv )
gnupg_sleep (debug_wait);
log_debug ("... okay\n");
}
if (pipe_server)
{
{
/* This is the simple pipe based server */
ctrl_t ctrl;
pth_attr_t tattr;
@ -702,7 +701,7 @@ main (int argc, char **argv )
#ifndef HAVE_W32_SYSTEM
{
struct sigaction sa;
sa.sa_handler = SIG_IGN;
sigemptyset (&sa.sa_mask);
sa.sa_flags = 0;
@ -730,7 +729,7 @@ main (int argc, char **argv )
socket_name = create_socket_name (standard_socket,
"S.scdaemon",
"/tmp/gpg-XXXXXX/S.scdaemon");
fd = FD2INT(create_server_socket (standard_socket,
socket_name, &socket_nonce));
}
@ -787,17 +786,17 @@ main (int argc, char **argv )
fflush (NULL);
#ifndef HAVE_W32_SYSTEM
pid = fork ();
if (pid == (pid_t)-1)
if (pid == (pid_t)-1)
{
log_fatal ("fork failed: %s\n", strerror (errno) );
exit (1);
}
else if (pid)
else if (pid)
{ /* we are the parent */
char *infostr;
close (fd);
/* create the info string: <name>:<pid>:<protocol_version> */
if (estream_asprintf (&infostr, "SCDAEMON_INFO=%s:%lu:1",
socket_name, (ulong) pid) < 0)
@ -808,7 +807,7 @@ main (int argc, char **argv )
}
*socket_name = 0; /* don't let cleanup() remove the socket -
the child should do this from now on */
if (argc)
if (argc)
{ /* run the program given on the commandline */
if (putenv (infostr))
{
@ -836,18 +835,18 @@ main (int argc, char **argv )
printf ( "%s; export SCDAEMON_INFO;\n", infostr);
}
xfree (infostr);
exit (0);
exit (0);
}
/* NOTREACHED */
} /* end parent */
/* This is the child. */
/* Detach from tty and put process into a new session. */
if (!nodetach )
{
{
/* Close stdin, stdout and stderr unless it is the log stream. */
for (i=0; i <= 2; i++)
for (i=0; i <= 2; i++)
{
if ( log_test_fd (i) && i != fd)
close (i);
@ -862,7 +861,7 @@ main (int argc, char **argv )
{
struct sigaction sa;
sa.sa_handler = SIG_IGN;
sigemptyset (&sa.sa_mask);
sa.sa_flags = 0;
@ -881,7 +880,7 @@ main (int argc, char **argv )
close (fd);
}
return 0;
}
@ -944,7 +943,7 @@ handle_signal (int signo)
"re-reading configuration and resetting cards\n");
/* reread_configuration (); */
break;
case SIGUSR1:
log_info ("SIGUSR1 received - printing internal information:\n");
pth_ctrl (PTH_CTRL_DUMPSTATE, log_get_stream ());
@ -970,7 +969,7 @@ handle_signal (int signo)
scd_exit (0);
}
break;
case SIGINT:
log_info ("SIGINT received - immediate shutdown\n");
log_info( "%s %s stopped\n", strusage(11), strusage(13));
@ -1059,7 +1058,7 @@ create_server_socket (int is_standard_name, const char *name,
scd_exit (2);
}
serv_addr = xmalloc (sizeof (*serv_addr));
serv_addr = xmalloc (sizeof (*serv_addr));
memset (serv_addr, 0, sizeof *serv_addr);
serv_addr->sun_family = AF_UNIX;
assert (strlen (name) + 1 < sizeof (serv_addr->sun_path));
@ -1072,7 +1071,7 @@ create_server_socket (int is_standard_name, const char *name,
remove (name);
rc = assuan_sock_bind (fd, (struct sockaddr*) serv_addr, len);
}
if (rc != -1
if (rc != -1
&& (rc=assuan_sock_get_nonce ((struct sockaddr*)serv_addr, len, nonce)))
log_error (_("error getting nonce for the socket\n"));
if (rc == -1)
@ -1091,7 +1090,7 @@ create_server_socket (int is_standard_name, const char *name,
assuan_sock_close (fd);
scd_exit (2);
}
if (opt.verbose)
log_info (_("listening on socket `%s'\n"), serv_addr->sun_path);
@ -1109,7 +1108,7 @@ start_connection_thread (void *arg)
if (ctrl->thread_startup.fd != GNUPG_INVALID_FD
&& assuan_sock_check_nonce (ctrl->thread_startup.fd, &socket_nonce))
{
log_info (_("error reading nonce on fd %d: %s\n"),
log_info (_("error reading nonce on fd %d: %s\n"),
FD2INT(ctrl->thread_startup.fd), strerror (errno));
assuan_sock_close (ctrl->thread_startup.fd);
xfree (ctrl);
@ -1187,7 +1186,7 @@ handle_connections (int listen_fd)
for (;;)
{
sigset_t oldsigs;
if (shutdown_pending)
{
if (pth_ctrl (PTH_CTRL_GETTHREADS) == 1)
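Review bot: The result of `disable_core_dumps ();` in main is now dropped silently, where the old line at least kept it in `may_coredump`. The return convention is not visible in these hunks, but the removed variable's name suggests the call reports whether a core file can still be written. This daemon initialises secure memory for its secrets, so a failure to turn core dumps off is worth surfacing. Consider acting on the value, e.g. `if (disable_core_dumps ()) log_info ("WARNING: program may create a core file!\n");`, or, if ignoring it is deliberate, mark that with `/* Result intentionally ignored. */`. main's body continues outside the visible hunks, so any later use of the value cannot be ruled out from here.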


@ -1,3 +1,9 @@
2011-08-04 Werner Koch <wk@g10code.com>
* keydb.c (keydb_add_resource): Remove set but unused var
CREATED_FNAME.
* gpgsm.c (main): Remove set but used var FNAME.
2011-07-21 Werner Koch <wk@g10code.com>
* call-dirmngr.c (get_cached_cert, get_cached_cert_data_cb): New.


@ -1,4 +1,4 @@
/* gpgsm.c - GnuPG for S/MIME
/* gpgsm.c - GnuPG for S/MIME
* Copyright (C) 2001, 2002, 2003, 2004, 2005,
* 2006, 2007, 2008 Free Software Foundation, Inc.
*
@ -72,7 +72,7 @@ enum cmd_and_opt_values {
aRecvKeys,
aExport,
aExportSecretKeyP12,
aServer,
aServer,
aLearnCard,
aCallDirmngr,
aCallProtectTool,
@ -140,7 +140,7 @@ enum cmd_and_opt_values {
oDisablePolicyChecks,
oEnablePolicyChecks,
oAutoIssuerKeyRetrieve,
oWithFingerprint,
oWithMD5Fingerprint,
oAnswerYes,
@ -193,22 +193,22 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_c (aDecrypt, "decrypt", N_("decrypt data (default)")),
ARGPARSE_c (aVerify, "verify", N_("verify a signature")),
ARGPARSE_c (aListKeys, "list-keys", N_("list keys")),
ARGPARSE_c (aListExternalKeys, "list-external-keys",
ARGPARSE_c (aListExternalKeys, "list-external-keys",
N_("list external keys")),
ARGPARSE_c (aListSecretKeys, "list-secret-keys", N_("list secret keys")),
ARGPARSE_c (aListChain, "list-chain", N_("list certificate chain")),
ARGPARSE_c (aListChain, "list-chain", N_("list certificate chain")),
ARGPARSE_c (aFingerprint, "fingerprint", N_("list keys and fingerprints")),
ARGPARSE_c (aKeygen, "gen-key", N_("generate a new key pair")),
ARGPARSE_c (aDeleteKey, "delete-keys",
ARGPARSE_c (aDeleteKey, "delete-keys",
N_("remove keys from the public keyring")),
ARGPARSE_c (aSendKeys, "send-keys", N_("export keys to a key server")),
ARGPARSE_c (aRecvKeys, "recv-keys", N_("import keys from a key server")),
ARGPARSE_c (aImport, "import", N_("import certificates")),
ARGPARSE_c (aExport, "export", N_("export certificates")),
ARGPARSE_c (aExportSecretKeyP12, "export-secret-key-p12", "@"),
ARGPARSE_c (aExportSecretKeyP12, "export-secret-key-p12", "@"),
ARGPARSE_c (aLearnCard, "learn-card", N_("register a smartcard")),
ARGPARSE_c (aServer, "server", N_("run in server mode")),
ARGPARSE_c (aCallDirmngr, "call-dirmngr",
ARGPARSE_c (aCallDirmngr, "call-dirmngr",
N_("pass a command to the dirmngr")),
ARGPARSE_c (aCallProtectTool, "call-protect-tool",
N_("invoke gpg-protect-tool")),
@ -231,11 +231,11 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oP12Charset, "p12-charset", "@"),
ARGPARSE_s_n (oAssumeArmor, "assume-armor",
ARGPARSE_s_n (oAssumeArmor, "assume-armor",
N_("assume input is in PEM format")),
ARGPARSE_s_n (oAssumeBase64, "assume-base64",
N_("assume input is in base-64 format")),
ARGPARSE_s_n (oAssumeBinary, "assume-binary",
ARGPARSE_s_n (oAssumeBinary, "assume-binary",
N_("assume input is in binary format")),
ARGPARSE_s_s (oRecipient, "recipient", N_("|USER-ID|encrypt for USER-ID")),
@ -243,12 +243,12 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oPreferSystemDirmngr,"prefer-system-dirmngr",
N_("use system's dirmngr if available")),
ARGPARSE_s_n (oDisableCRLChecks, "disable-crl-checks",
ARGPARSE_s_n (oDisableCRLChecks, "disable-crl-checks",
N_("never consult a CRL")),
ARGPARSE_s_n (oEnableCRLChecks, "enable-crl-checks", "@"),
ARGPARSE_s_n (oDisableTrustedCertCRLCheck,
"disable-trusted-cert-crl-check", "@"),
ARGPARSE_s_n (oEnableTrustedCertCRLCheck,
ARGPARSE_s_n (oEnableTrustedCertCRLCheck,
"enable-trusted-cert-crl-check", "@"),
ARGPARSE_s_n (oForceCRLRefresh, "force-crl-refresh", "@"),
@ -258,7 +258,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oValidationModel, "validation-model", "@"),
ARGPARSE_s_i (oIncludeCerts, "include-certs",
ARGPARSE_s_i (oIncludeCerts, "include-certs",
N_("|N|number of certificates to include") ),
ARGPARSE_s_s (oPolicyFile, "policy-file",
@ -286,7 +286,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oNoLogFile, "no-log-file", "@"),
ARGPARSE_s_i (oLoggerFD, "logger-fd", "@"),
ARGPARSE_s_s (oAuditLog, "audit-log",
ARGPARSE_s_s (oAuditLog, "audit-log",
N_("|FILE|write an audit log to FILE")),
ARGPARSE_s_s (oHtmlAuditLog, "html-audit-log", "@"),
ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")),
@ -325,12 +325,12 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_i (oStatusFD, "status-fd",
N_("|FD|write status info to this FD")),
ARGPARSE_s_s (oCipherAlgo, "cipher-algo",
ARGPARSE_s_s (oCipherAlgo, "cipher-algo",
N_("|NAME|use cipher algorithm NAME")),
ARGPARSE_s_s (oDigestAlgo, "digest-algo",
N_("|NAME|use message digest algorithm NAME")),
ARGPARSE_s_s (oExtraDigestAlgo, "extra-digest-algo", "@"),
ARGPARSE_group (302, N_(
"@\n(See the man page for a complete listing of all commands and options)\n"
@ -346,13 +346,13 @@ static ARGPARSE_OPTS opts[] = {
/* Hidden options. */
ARGPARSE_s_n (oNoVerbose, "no-verbose", "@"),
ARGPARSE_s_n (oEnableSpecialFilenames, "enable-special-filenames", "@"),
ARGPARSE_s_n (oNoSecmemWarn, "no-secmem-warning", "@"),
ARGPARSE_s_n (oNoSecmemWarn, "no-secmem-warning", "@"),
ARGPARSE_s_n (oNoArmor, "no-armor", "@"),
ARGPARSE_s_n (oNoArmor, "no-armour", "@"),
ARGPARSE_s_n (oNoDefKeyring, "no-default-keyring", "@"),
ARGPARSE_s_n (oNoGreeting, "no-greeting", "@"),
ARGPARSE_s_n (oNoOptions, "no-options", "@"),
ARGPARSE_s_s (oHomedir, "homedir", "@"),
ARGPARSE_s_s (oHomedir, "homedir", "@"),
ARGPARSE_s_s (oAgentProgram, "agent-program", "@"),
ARGPARSE_s_s (oDisplay, "display", "@"),
ARGPARSE_s_s (oTTYname, "ttyname", "@"),
@ -380,11 +380,11 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oIgnoreCertExtension, "ignore-cert-extension", "@"),
/* Command aliases. */
ARGPARSE_c (aListKeys, "list-key", "@"),
ARGPARSE_c (aListChain, "list-sig", "@"),
ARGPARSE_c (aListChain, "list-sigs", "@"),
ARGPARSE_c (aListChain, "check-sig", "@"),
ARGPARSE_c (aListChain, "check-sigs", "@"),
ARGPARSE_c (aListKeys, "list-key", "@"),
ARGPARSE_c (aListChain, "list-sig", "@"),
ARGPARSE_c (aListChain, "list-sigs", "@"),
ARGPARSE_c (aListChain, "check-sig", "@"),
ARGPARSE_c (aListChain, "check-sigs", "@"),
ARGPARSE_c (aDeleteKey, "delete-key", "@"),
ARGPARSE_end ()
@ -410,7 +410,7 @@ static int allow_special_filenames;
gpgconf-list because the variable will be changed by the command
line option. */
#define DEFAULT_INCLUDE_CERTS -2 /* Include all certs but root. */
static int default_include_certs = DEFAULT_INCLUDE_CERTS;
static int default_include_certs = DEFAULT_INCLUDE_CERTS;
/* Whether the chain mode shall be used for validation. */
static int default_validation_model;
@ -490,7 +490,7 @@ make_libversion (const char *libname, const char *(*getfnc)(const char*))
{
const char *s;
char *result;
if (maybe_setuid)
{
gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
@ -558,7 +558,7 @@ my_strusage( int level )
digests = build_list("Hash: ", gcry_md_algo_name, our_md_test_algo );
p = digests;
break;
default: p = NULL; break;
}
return p;
@ -571,7 +571,7 @@ build_list (const char *text, const char * (*mapf)(int), int (*chkf)(int))
int i;
size_t n=strlen(text)+2;
char *list, *p;
if (maybe_setuid) {
gcry_control (GCRYCTL_DROP_PRIVS); /* drop setuid */
}
@ -625,7 +625,7 @@ static void
set_opt_session_env (const char *name, const char *value)
{
gpg_error_t err;
err = session_env_setenv (opt.session_env, name, value);
if (err)
log_fatal ("error setting session environment: %s\n",
@ -660,7 +660,7 @@ set_debug (void)
/* Unless the "guru" string has been used we don't want to allow
hashing debugging. The rationale is that people tend to
select the highest debug value and would then clutter their
disk with debug files which may reveal confidential data. */
disk with debug files which may reveal confidential data. */
if (numok)
opt.debug &= ~(DBG_HASHING_VALUE);
}
@ -685,16 +685,16 @@ set_debug (void)
if (opt.debug)
log_info ("enabled debug flags:%s%s%s%s%s%s%s%s\n",
(opt.debug & DBG_X509_VALUE )? " x509":"",
(opt.debug & DBG_MPI_VALUE )? " mpi":"",
(opt.debug & DBG_CRYPTO_VALUE )? " crypto":"",
(opt.debug & DBG_MEMORY_VALUE )? " memory":"",
(opt.debug & DBG_CACHE_VALUE )? " cache":"",
(opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"",
(opt.debug & DBG_HASHING_VALUE)? " hashing":"",
(opt.debug & DBG_X509_VALUE )? " x509":"",
(opt.debug & DBG_MPI_VALUE )? " mpi":"",
(opt.debug & DBG_CRYPTO_VALUE )? " crypto":"",
(opt.debug & DBG_MEMORY_VALUE )? " memory":"",
(opt.debug & DBG_CACHE_VALUE )? " cache":"",
(opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"",
(opt.debug & DBG_HASHING_VALUE)? " hashing":"",
(opt.debug & DBG_ASSUAN_VALUE )? " assuan":"" );
}
static void
@ -711,7 +711,7 @@ set_cmd (enum cmd_and_opt_values *ret_cmd, enum cmd_and_opt_values new_cmd)
else if ( (cmd == aSign && new_cmd == aClearsign)
|| (cmd == aClearsign && new_cmd == aSign) )
cmd = aClearsign;
else
else
{
log_error(_("conflicting commands\n"));
gpgsm_exit(2);
@ -803,39 +803,39 @@ parse_keyserver_line (char *line,
fail = 1;
}
break;
case 2:
if (*p)
server->port = atoi (p);
break;
case 3:
if (*p)
server->user = xstrdup (p);
break;
case 4:
if (*p && !server->user)
{
log_error (_("%s:%u: password given without user\n"),
log_error (_("%s:%u: password given without user\n"),
filename, lineno);
fail = 1;
}
else if (*p)
server->pass = xstrdup (p);
break;
case 5:
if (*p)
server->base = xstrdup (p);
break;
default:
/* (We silently ignore extra fields.) */
break;
}
}
if (fail)
{
log_info (_("%s:%u: skipping this line\n"), filename, lineno);
@ -852,7 +852,6 @@ main ( int argc, char **argv)
ARGPARSE_ARGS pargs;
int orig_argc;
char **orig_argv;
const char *fname;
/* char *username;*/
int may_coredump;
strlist_t sl, remusr= NULL, locusr=NULL;
@ -909,7 +908,7 @@ main ( int argc, char **argv)
/* Check that the libraries are suitable. Do it here because the
option parse may need services of the library */
if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
log_fatal (_("%s is too old (need %s, have %s)\n"), "libgcrypt",
log_fatal (_("%s is too old (need %s, have %s)\n"), "libgcrypt",
NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) );
if (!ksba_check_version (NEED_KSBA_VERSION) )
log_fatal (_("%s is too old (need %s, have %s)\n"), "libksba",
@ -919,9 +918,9 @@ main ( int argc, char **argv)
gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
may_coredump = disable_core_dumps ();
gnupg_init_signals (0, emergency_cleanup);
create_dotlock (NULL); /* register locking cleanup */
opt.session_env = session_env_new ();
@ -959,14 +958,14 @@ main ( int argc, char **argv)
break; /* This break makes sure that --version and --help are
passed to the protect-tool. */
}
/* Initialize the secure memory. */
gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
maybe_setuid = 0;
/*
Now we are now working under our real uid
/*
Now we are now working under our real uid
*/
ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free );
@ -992,7 +991,7 @@ main ( int argc, char **argv)
configname = make_filename (opt.homedir, "gpgsm.conf", NULL);
/* Set the default policy file */
opt.policy_file = make_filename (opt.homedir, "policies.txt", NULL);
argc = orig_argc;
argv = orig_argv;
pargs.argc = &argc;
@ -1010,7 +1009,7 @@ main ( int argc, char **argv)
if (parse_debug)
log_info (_("NOTE: no default option file `%s'\n"), configname);
}
else
else
{
log_error (_("option file `%s': %s\n"), configname, strerror(errno));
gpgsm_exit(2);
@ -1023,19 +1022,19 @@ main ( int argc, char **argv)
default_config = 0;
}
while (!no_more_options
while (!no_more_options
&& optfile_parse (configfp, configname, &configlineno, &pargs, opts))
{
switch (pargs.r_opt)
{
case aGPGConfList:
case aGPGConfTest:
case aGPGConfList:
case aGPGConfTest:
set_cmd (&cmd, pargs.r_opt);
do_not_setup_keys = 1;
nogreeting = 1;
break;
case aServer:
case aServer:
opt.batch = 1;
set_cmd (&cmd, aServer);
break;
@ -1052,7 +1051,7 @@ main ( int argc, char **argv)
no_more_options = 1; /* Stop parsing. */
do_not_setup_keys = 1;
break;
case aDeleteKey:
set_cmd (&cmd, aDeleteKey);
/*greeting=1;*/
@ -1061,45 +1060,45 @@ main ( int argc, char **argv)
case aDetachedSign:
detached_sig = 1;
set_cmd (&cmd, aSign );
set_cmd (&cmd, aSign );
break;
case aKeygen:
set_cmd (&cmd, aKeygen);
greeting=1;
greeting=1;
do_not_setup_keys = 1;
break;
case aImport:
case aSendKeys:
case aRecvKeys:
case aExport:
case aExportSecretKeyP12:
case aImport:
case aSendKeys:
case aRecvKeys:
case aExport:
case aExportSecretKeyP12:
case aDumpKeys:
case aDumpChain:
case aDumpExternalKeys:
case aDumpSecretKeys:
case aDumpExternalKeys:
case aDumpSecretKeys:
case aListKeys:
case aListExternalKeys:
case aListSecretKeys:
case aListChain:
case aLearnCard:
case aPasswd:
case aListExternalKeys:
case aListSecretKeys:
case aListChain:
case aLearnCard:
case aPasswd:
case aKeydbClearSomeCertFlags:
do_not_setup_keys = 1;
set_cmd (&cmd, pargs.r_opt);
break;
case aEncr:
case aEncr:
recp_required = 1;
set_cmd (&cmd, pargs.r_opt);
break;
case aSym:
case aDecrypt:
case aSign:
case aClearsign:
case aVerify:
case aDecrypt:
case aSign:
case aClearsign:
case aVerify:
set_cmd (&cmd, pargs.r_opt);
break;
@ -1107,15 +1106,15 @@ main ( int argc, char **argv)
case oArmor:
ctrl.create_pem = 1;
break;
case oBase64:
case oBase64:
ctrl.create_pem = 0;
ctrl.create_base64 = 1;
break;
case oNoArmor:
case oNoArmor:
ctrl.create_pem = 0;
ctrl.create_base64 = 0;
break;
case oP12Charset:
opt.p12_charset = pargs.r.ret_str;
break;
@ -1160,8 +1159,8 @@ main ( int argc, char **argv)
ctrl.use_ocsp = opt.enable_ocsp = 1;
break;
case oIncludeCerts:
ctrl.include_certs = default_include_certs = pargs.r.ret_int;
case oIncludeCerts:
ctrl.include_certs = default_include_certs = pargs.r.ret_int;
break;
case oPolicyFile:
@ -1178,14 +1177,14 @@ main ( int argc, char **argv)
case oEnablePolicyChecks:
opt.no_policy_check = 0;
break;
case oAutoIssuerKeyRetrieve:
opt.auto_issuer_key_retrieve = 1;
break;
case oOutput: opt.outfile = pargs.r.ret_str; break;
case oQuiet: opt.quiet = 1; break;
case oNoTTY: /* fixme:tty_no_terminal(1);*/ break;
case oDryRun: opt.dry_run = 1; break;
@ -1200,17 +1199,17 @@ main ( int argc, char **argv)
break;
case oLogFile: logfile = pargs.r.ret_str; break;
case oNoLogFile: logfile = NULL; break;
case oNoLogFile: logfile = NULL; break;
case oAuditLog: auditlog = pargs.r.ret_str; break;
case oHtmlAuditLog: htmlauditlog = pargs.r.ret_str; break;
case oBatch:
case oBatch:
opt.batch = 1;
greeting = 0;
break;
case oNoBatch: opt.batch = 0; break;
case oAnswerYes: opt.answer_yes = 1; break;
case oAnswerNo: opt.answer_no = 1; break;
@ -1271,12 +1270,12 @@ main ( int argc, char **argv)
case oDisableDirmngr: opt.disable_dirmngr = 1; break;
case oPreferSystemDirmngr: opt.prefer_system_dirmngr = 1; break;
case oProtectToolProgram:
opt.protect_tool_program = pargs.r.ret_str;
opt.protect_tool_program = pargs.r.ret_str;
break;
case oFakedSystemTime:
{
time_t faked_time = isotime2epoch (pargs.r.ret_str);
time_t faked_time = isotime2epoch (pargs.r.ret_str);
if (faked_time == (time_t)(-1))
faked_time = (time_t)strtoul (pargs.r.ret_str, NULL, 10);
gnupg_set_time (faked_time, 0);
@ -1332,20 +1331,20 @@ main ( int argc, char **argv)
break;
case oNoSecmemWarn:
gcry_control (GCRYCTL_DISABLE_SECMEM_WARN);
gcry_control (GCRYCTL_DISABLE_SECMEM_WARN);
break;
case oCipherAlgo:
opt.def_cipher_algoid = pargs.r.ret_str;
break;
case oDisableCipherAlgo:
case oDisableCipherAlgo:
{
int algo = gcry_cipher_map_name (pargs.r.ret_str);
gcry_cipher_ctl (NULL, GCRYCTL_DISABLE_ALGO, &algo, sizeof algo);
}
break;
case oDisablePubkeyAlgo:
case oDisablePubkeyAlgo:
{
int algo = gcry_pk_map_name (pargs.r.ret_str);
gcry_pk_ctl (GCRYCTL_DISABLE_ALGO,&algo, sizeof algo );
@ -1356,7 +1355,7 @@ main ( int argc, char **argv)
forced_digest_algo = pargs.r.ret_str;
break;
case oExtraDigestAlgo:
case oExtraDigestAlgo:
extra_digest_algo = pargs.r.ret_str;
break;
@ -1390,8 +1389,8 @@ main ( int argc, char **argv)
add_to_strlist (&opt.ignored_cert_extensions, pargs.r.ret_str);
break;
default:
pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR;
default:
pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR;
break;
}
}
@ -1420,7 +1419,7 @@ main ( int argc, char **argv)
if (nogreeting)
greeting = 0;
if (greeting)
{
fprintf(stderr, "%s %s; %s\n",
@ -1459,7 +1458,7 @@ main ( int argc, char **argv)
dump_isotime (tbuf);
log_printf ("\n");
}
/*FIXME if (opt.batch) */
/* tty_batchmode (1); */
@ -1497,7 +1496,7 @@ main ( int argc, char **argv)
opt.def_cipher_algoid = "1.3.6.1.4.1.11591.13.2.42";
else if (!strcmp (opt.def_cipher_algoid, "SEED") )
opt.def_cipher_algoid = "1.2.410.200004.1.4";
else if (!strcmp (opt.def_cipher_algoid, "CAMELLIA")
else if (!strcmp (opt.def_cipher_algoid, "CAMELLIA")
|| !strcmp (opt.def_cipher_algoid, "CAMELLIA128") )
opt.def_cipher_algoid = "1.2.392.200011.61.1.1.1.2";
else if (!strcmp (opt.def_cipher_algoid, "CAMELLIA192") )
@ -1527,18 +1526,18 @@ main ( int argc, char **argv)
if (log_get_errorcount(0))
gpgsm_exit(2);
/* Set the random seed file. */
if (use_random_seed)
if (use_random_seed)
{
char *p = make_filename (opt.homedir, "random_seed", NULL);
gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, p);
xfree(p);
}
if (!cmd && opt.fingerprint && !with_fpr)
set_cmd (&cmd, aListKeys);
/* Add default keybox. */
if (!nrings && default_keyring)
{
@ -1549,7 +1548,7 @@ main ( int argc, char **argv)
{
/* Import the standard certificates for a new default keybox. */
char *filelist[2];
filelist[0] = make_filename (gnupg_datadir (),"com-certs.pem", NULL);
filelist[1] = NULL;
if (!access (filelist[0], F_OK))
@ -1571,7 +1570,7 @@ main ( int argc, char **argv)
{
switch (cmd)
{
case aEncr:
case aEncr:
case aSign:
case aDecrypt:
case aVerify:
@ -1603,7 +1602,7 @@ main ( int argc, char **argv)
get_inv_recpsgnr_code (rc), sl->d, NULL);
}
}
/* Build the recipient list. We first add the regular ones and then
the encrypt-to ones because the underlying function will silently
ignore duplicates and we can't allow to keep a duplicate which is
@ -1622,13 +1621,11 @@ main ( int argc, char **argv)
if (log_get_errorcount(0))
gpgsm_exit(1); /* Must stop for invalid recipients. */
fname = argc? *argv : NULL;
/* Dispatch command. */
switch (cmd)
{
case aGPGConfList:
case aGPGConfList:
{ /* List options and default values in the GPG Conf format. */
char *config_filename_esc = percent_escape (opt.config_filename, NULL);
@ -1698,7 +1695,7 @@ main ( int argc, char **argv)
set_binary (stdin);
if (!argc) /* Source is stdin. */
gpgsm_encrypt (&ctrl, recplist, 0, fp);
gpgsm_encrypt (&ctrl, recplist, 0, fp);
else if (argc == 1) /* Source is the given file. */
gpgsm_encrypt (&ctrl, recplist, open_read (*argv), fp);
else
@ -1717,10 +1714,10 @@ main ( int argc, char **argv)
signing because that is what gpg does.*/
set_binary (stdin);
if (!argc) /* Create from stdin. */
gpgsm_sign (&ctrl, signerlist, 0, detached_sig, fp);
gpgsm_sign (&ctrl, signerlist, 0, detached_sig, fp);
else if (argc == 1) /* From file. */
gpgsm_sign (&ctrl, signerlist,
open_read (*argv), detached_sig, fp);
open_read (*argv), detached_sig, fp);
else
wrong_args ("--sign [datafile]");
@ -1728,7 +1725,7 @@ main ( int argc, char **argv)
fclose (fp);
}
break;
case aSignEncr: /* sign and encrypt the given file */
log_error ("this command has not yet been implemented\n");
break;
@ -1752,7 +1749,7 @@ main ( int argc, char **argv)
else if (argc == 1)
gpgsm_verify (&ctrl, open_read (*argv), -1, fp); /* std signature */
else if (argc == 2) /* detached signature (sig, detached) */
gpgsm_verify (&ctrl, open_read (*argv), open_read (argv[1]), NULL);
gpgsm_verify (&ctrl, open_read (*argv), open_read (argv[1]), NULL);
else
wrong_args ("--verify [signature [detached_data]]");
@ -1801,7 +1798,7 @@ main ( int argc, char **argv)
{
case aListChain:
case aListKeys: mode = (0 | 0 | (1<<6)); break;
case aDumpChain:
case aDumpChain:
case aDumpKeys: mode = (256 | 0 | (1<<6)); break;
case aListExternalKeys: mode = (0 | 0 | (1<<7)); break;
case aDumpExternalKeys: mode = (256 | 0 | (1<<7)); break;
@ -1828,13 +1825,13 @@ main ( int argc, char **argv)
if (opt.batch)
{
if (!argc) /* Create from stdin. */
fpin = open_es_fread ("-");
fpin = open_es_fread ("-");
else if (argc == 1) /* From file. */
fpin = open_es_fread (*argv);
fpin = open_es_fread (*argv);
else
wrong_args ("--gen-key --batch [parmfile]");
}
fpout = open_fwrite (opt.outfile?opt.outfile:"-");
if (fpin)
@ -1877,7 +1874,7 @@ main ( int argc, char **argv)
fclose (fp);
}
break;
case aSendKeys:
case aRecvKeys:
log_error ("this command has not yet been implemented\n");
@ -1909,7 +1906,7 @@ main ( int argc, char **argv)
;
else if (!(grip = gpgsm_get_keygrip_hexstring (cert)))
rc = gpg_error (GPG_ERR_BUG);
else
else
{
char *desc = gpgsm_format_keydesc (cert);
rc = gpgsm_agent_passwd (&ctrl, grip, desc);
@ -1947,7 +1944,7 @@ main ( int argc, char **argv)
es_fclose (auditfp);
es_fclose (htmlauditfp);
}
/* cleanup */
keyserver_list_free (opt.keyserver);
opt.keyserver = NULL;
@ -1995,7 +1992,7 @@ gpgsm_init_default_ctrl (struct server_control_s *ctrl)
int
gpgsm_parse_validation_model (const char *model)
{
{
if (!ascii_strcasecmp (model, "shell") )
return 0;
else if ( !ascii_strcasecmp (model, "chain") )
@ -2013,11 +2010,11 @@ check_special_filename (const char *fname, int for_write)
if (allow_special_filenames
&& fname && *fname == '-' && fname[1] == '&' ) {
int i;
fname += 2;
for (i=0; isdigit (fname[i]); i++ )
;
if ( !fname[i] )
if ( !fname[i] )
return translate_sys2libc_fd_int (atoi (fname), for_write);
}
return -1;
@ -2028,7 +2025,7 @@ check_special_filename (const char *fname, int for_write)
/* Open the FILENAME for read and return the filedescriptor. Stop
with an error message in case of problems. "-" denotes stdin and
if special filenames are allowed the given fd is opened instead. */
static int
static int
open_read (const char *filename)
{
int fd;
@ -2177,7 +2174,7 @@ run_protect_tool (int argc, char **argv)
for (i=1; argc; i++, argc--, argv++)
av[i] = *argv;
av[i] = NULL;
execv (pgm, av);
execv (pgm, av);
log_error ("error executing `%s': %s\n", pgm, strerror (errno));
#endif /*HAVE_W32_SYSTEM*/
gpgsm_exit (2);


@ -29,7 +29,7 @@
#include "gpgsm.h"
#include "../kbx/keybox.h"
#include "keydb.h"
#include "keydb.h"
#include "i18n.h"
static int active_handles;
@ -71,7 +71,7 @@ static void unlock_all (KEYDB_HANDLE hd);
* Register a resource (which currently may only be a keybox file).
* The first keybox which is added by this function is created if it
* does not exist. If AUTO_CREATED is not NULL it will be set to true
* if the function has created a a new keybox.
* if the function has created a a new keybox.
*/
int
keydb_add_resource (const char *url, int force, int secret, int *auto_created)
@ -79,10 +79,9 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
static int any_secret, any_public;
const char *resname = url;
char *filename = NULL;
int rc = 0;
int rc = 0;
FILE *fp;
KeydbResourceType rt = KEYDB_RESOURCE_TYPE_NONE;
const char *created_fname = NULL;
if (auto_created)
*auto_created = 0;
@ -91,7 +90,7 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
gnupg-kbx:filename := this is a plain keybox
filename := See what is is, but create as plain keybox.
*/
if (strlen (resname) > 10)
if (strlen (resname) > 10)
{
if (!strncmp (resname, "gnupg-kbx:", 10) )
{
@ -117,20 +116,20 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
}
else
filename = xstrdup (resname);
if (!force)
force = secret? !any_secret : !any_public;
/* see whether we can determine the filetype */
if (rt == KEYDB_RESOURCE_TYPE_NONE)
{
FILE *fp2 = fopen( filename, "rb" );
if (fp2) {
u32 magic;
/* FIXME: check for the keybox magic */
if (fread( &magic, 4, 1, fp2) == 1 )
if (fread( &magic, 4, 1, fp2) == 1 )
{
if (magic == 0x13579ace || magic == 0xce9a5713)
; /* GDBM magic - no more support */
@ -144,14 +143,14 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
else /* no file yet: create ring */
rt = KEYDB_RESOURCE_TYPE_KEYBOX;
}
switch (rt)
{
case KEYDB_RESOURCE_TYPE_NONE:
log_error ("unknown type of key resource `%s'\n", url );
rc = gpg_error (GPG_ERR_GENERAL);
goto leave;
case KEYDB_RESOURCE_TYPE_KEYBOX:
fp = fopen (filename, "rb");
if (!fp && !force)
@ -159,13 +158,13 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
rc = gpg_error (gpg_err_code_from_errno (errno));
goto leave;
}
if (!fp)
{ /* no file */
#if 0 /* no autocreate of the homedirectory yet */
{
char *last_slash_in_filename;
last_slash_in_filename = strrchr (filename, DIRSEP_C);
*last_slash_in_filename = 0;
if (access (filename, F_OK))
@ -194,7 +193,6 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
if (!opt.quiet)
log_info (_("keybox `%s' created\n"), filename);
created_fname = filename;
if (auto_created)
*auto_created = 1;
}
@ -202,13 +200,13 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
fp = NULL;
/* now register the file */
{
void *token = keybox_register_file (filename, secret);
if (!token)
; /* already registered - ignore it */
else if (used_resources >= MAX_KEYDB_RESOURCES)
rc = gpg_error (GPG_ERR_RESOURCE_LIMIT);
else
else
{
all_resources[used_resources].type = rt;
all_resources[used_resources].u.kr = NULL; /* Not used here */
@ -224,7 +222,7 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
if (!make_dotlock (all_resources[used_resources].lockhandle, 0))
{
KEYBOX_HANDLE kbxhd = keybox_new (token, secret);
if (kbxhd)
{
keybox_compress (kbxhd);
@ -232,7 +230,7 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
}
release_dotlock (all_resources[used_resources].lockhandle);
}
used_resources++;
}
}
@ -264,10 +262,10 @@ keydb_new (int secret)
{
KEYDB_HANDLE hd;
int i, j;
hd = xcalloc (1, sizeof *hd);
hd->found = -1;
assert (used_resources <= MAX_KEYDB_RESOURCES);
for (i=j=0; i < used_resources; i++)
{
@ -283,7 +281,7 @@ keydb_new (int secret)
hd->active[j].secret = all_resources[i].secret;
hd->active[j].lockhandle = all_resources[i].lockhandle;
hd->active[j].u.kr = keybox_new (all_resources[i].token, secret);
if (!hd->active[j].u.kr)
if (!hd->active[j].u.kr)
{
xfree (hd);
return NULL; /* fixme: release all previously allocated handles*/
@ -293,16 +291,16 @@ keydb_new (int secret)
}
}
hd->used = j;
active_handles++;
return hd;
}
void
void
keydb_release (KEYDB_HANDLE hd)
{
int i;
if (!hd)
return;
assert (active_handles > 0);
@ -311,7 +309,7 @@ keydb_release (KEYDB_HANDLE hd)
unlock_all (hd);
for (i=0; i < hd->used; i++)
{
switch (hd->active[i].type)
switch (hd->active[i].type)
{
case KEYDB_RESOURCE_TYPE_NONE:
break;
@ -336,27 +334,27 @@ keydb_get_resource_name (KEYDB_HANDLE hd)
{
int idx;
const char *s = NULL;
if (!hd)
if (!hd)
return NULL;
if ( hd->found >= 0 && hd->found < hd->used)
if ( hd->found >= 0 && hd->found < hd->used)
idx = hd->found;
else if ( hd->current >= 0 && hd->current < hd->used)
else if ( hd->current >= 0 && hd->current < hd->used)
idx = hd->current;
else
idx = 0;
switch (hd->active[idx].type)
switch (hd->active[idx].type)
{
case KEYDB_RESOURCE_TYPE_NONE:
s = NULL;
s = NULL;
break;
case KEYDB_RESOURCE_TYPE_KEYBOX:
s = keybox_get_resource_name (hd->active[idx].u.kr);
break;
}
return s? s: "";
}
@ -374,7 +372,7 @@ keydb_set_ephemeral (KEYDB_HANDLE hd, int yes)
{
for (i=0; i < hd->used; i++)
{
switch (hd->active[i].type)
switch (hd->active[i].type)
{
case KEYDB_RESOURCE_TYPE_NONE:
break;
@ -384,7 +382,7 @@ keydb_set_ephemeral (KEYDB_HANDLE hd, int yes)
}
}
}
i = hd->is_ephemeral;
hd->is_ephemeral = yes;
return i;
@ -407,7 +405,7 @@ keydb_lock (KEYDB_HANDLE hd)
static int
static int
lock_all (KEYDB_HANDLE hd)
{
int i, rc = 0;
@ -415,9 +413,9 @@ lock_all (KEYDB_HANDLE hd)
/* Fixme: This locking scheme may lead to deadlock if the resources
are not added in the same order by all processes. We are
currently only allowing one resource so it is not a problem. */
for (i=0; i < hd->used; i++)
for (i=0; i < hd->used; i++)
{
switch (hd->active[i].type)
switch (hd->active[i].type)
{
case KEYDB_RESOURCE_TYPE_NONE:
break;
@ -430,12 +428,12 @@ lock_all (KEYDB_HANDLE hd)
break;
}
if (rc)
if (rc)
{
/* revert the already set locks */
for (i--; i >= 0; i--)
for (i--; i >= 0; i--)
{
switch (hd->active[i].type)
switch (hd->active[i].type)
{
case KEYDB_RESOURCE_TYPE_NONE:
break;
@ -459,13 +457,13 @@ static void
unlock_all (KEYDB_HANDLE hd)
{
int i;
if (!hd->locked)
return;
for (i=hd->used-1; i >= 0; i--)
for (i=hd->used-1; i >= 0; i--)
{
switch (hd->active[i].type)
switch (hd->active[i].type)
{
case KEYDB_RESOURCE_TYPE_NONE:
break;
@ -483,7 +481,7 @@ unlock_all (KEYDB_HANDLE hd)
/*
* Return the last found keybox. Caller must free it.
* The returned keyblock has the kbode flag bit 0 set for the node with
* the public key used to locate the keyblock or flag bit 1 set for
* the public key used to locate the keyblock or flag bit 1 set for
* the user ID node.
*/
int
@ -494,7 +492,7 @@ keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb)
if (!hd)
return G10ERR_INV_ARG;
if ( hd->found < 0 || hd->found >= hd->used)
if ( hd->found < 0 || hd->found >= hd->used)
return -1; /* nothing found */
switch (hd->active[hd->found].type) {
@ -509,7 +507,7 @@ keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb)
return rc;
}
/*
/*
* update the current keyblock with KB
*/
int
@ -520,7 +518,7 @@ keydb_update_keyblock (KEYDB_HANDLE hd, KBNODE kb)
if (!hd)
return G10ERR_INV_ARG;
if ( hd->found < 0 || hd->found >= hd->used)
if ( hd->found < 0 || hd->found >= hd->used)
return -1; /* nothing found */
if( opt.dry_run )
@ -543,8 +541,8 @@ keydb_update_keyblock (KEYDB_HANDLE hd, KBNODE kb)
}
/*
* Insert a new KB into one of the resources.
/*
* Insert a new KB into one of the resources.
*/
int
keydb_insert_keyblock (KEYDB_HANDLE hd, KBNODE kb)
@ -552,15 +550,15 @@ keydb_insert_keyblock (KEYDB_HANDLE hd, KBNODE kb)
int rc = -1;
int idx;
if (!hd)
if (!hd)
return G10ERR_INV_ARG;
if( opt.dry_run )
return 0;
if ( hd->found >= 0 && hd->found < hd->used)
if ( hd->found >= 0 && hd->found < hd->used)
idx = hd->found;
else if ( hd->current >= 0 && hd->current < hd->used)
else if ( hd->current >= 0 && hd->current < hd->used)
idx = hd->current;
else
return G10ERR_GENERAL;
@ -598,11 +596,11 @@ keydb_get_cert (KEYDB_HANDLE hd, ksba_cert_t *r_cert)
if (!hd)
return gpg_error (GPG_ERR_INV_VALUE);
if ( hd->found < 0 || hd->found >= hd->used)
if ( hd->found < 0 || hd->found >= hd->used)
return -1; /* nothing found */
switch (hd->active[hd->found].type)
switch (hd->active[hd->found].type)
{
case KEYDB_RESOURCE_TYPE_NONE:
rc = gpg_error (GPG_ERR_GENERAL); /* oops */
@ -611,7 +609,7 @@ keydb_get_cert (KEYDB_HANDLE hd, ksba_cert_t *r_cert)
rc = keybox_get_cert (hd->active[hd->found].u.kr, r_cert);
break;
}
return rc;
}
@ -626,11 +624,11 @@ keydb_get_flags (KEYDB_HANDLE hd, int which, int idx, unsigned int *value)
if (!hd)
return gpg_error (GPG_ERR_INV_VALUE);
if ( hd->found < 0 || hd->found >= hd->used)
if ( hd->found < 0 || hd->found >= hd->used)
return gpg_error (GPG_ERR_NOTHING_FOUND);
switch (hd->active[hd->found].type)
switch (hd->active[hd->found].type)
{
case KEYDB_RESOURCE_TYPE_NONE:
err = gpg_error (GPG_ERR_GENERAL); /* oops */
@ -639,7 +637,7 @@ keydb_get_flags (KEYDB_HANDLE hd, int which, int idx, unsigned int *value)
err = keybox_get_flags (hd->active[hd->found].u.kr, which, idx, value);
break;
}
return err;
}
@ -656,14 +654,14 @@ keydb_set_flags (KEYDB_HANDLE hd, int which, int idx, unsigned int value)
if (!hd)
return gpg_error (GPG_ERR_INV_VALUE);
if ( hd->found < 0 || hd->found >= hd->used)
if ( hd->found < 0 || hd->found >= hd->used)
return gpg_error (GPG_ERR_NOTHING_FOUND);
if (!hd->locked)
return gpg_error (GPG_ERR_NOT_LOCKED);
switch (hd->active[hd->found].type)
switch (hd->active[hd->found].type)
{
case KEYDB_RESOURCE_TYPE_NONE:
err = gpg_error (GPG_ERR_GENERAL); /* oops */
@ -672,12 +670,12 @@ keydb_set_flags (KEYDB_HANDLE hd, int which, int idx, unsigned int value)
err = keybox_set_flags (hd->active[hd->found].u.kr, which, idx, value);
break;
}
return err;
}
/*
* Insert a new Certificate into one of the resources.
/*
* Insert a new Certificate into one of the resources.
*/
int
keydb_insert_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
@ -685,16 +683,16 @@ keydb_insert_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
int rc = -1;
int idx;
unsigned char digest[20];
if (!hd)
if (!hd)
return gpg_error (GPG_ERR_INV_VALUE);
if (opt.dry_run)
return 0;
if ( hd->found >= 0 && hd->found < hd->used)
if ( hd->found >= 0 && hd->found < hd->used)
idx = hd->found;
else if ( hd->current >= 0 && hd->current < hd->used)
else if ( hd->current >= 0 && hd->current < hd->used)
idx = hd->current;
else
return gpg_error (GPG_ERR_GENERAL);
@ -704,7 +702,7 @@ keydb_insert_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL); /* kludge*/
switch (hd->active[idx].type)
switch (hd->active[idx].type)
{
case KEYDB_RESOURCE_TYPE_NONE:
rc = gpg_error (GPG_ERR_GENERAL);
@ -713,7 +711,7 @@ keydb_insert_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
rc = keybox_insert_cert (hd->active[idx].u.kr, cert, digest);
break;
}
unlock_all (hd);
return rc;
}
@ -726,11 +724,11 @@ keydb_update_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
{
int rc = 0;
unsigned char digest[20];
if (!hd)
return gpg_error (GPG_ERR_INV_VALUE);
if ( hd->found < 0 || hd->found >= hd->used)
if ( hd->found < 0 || hd->found >= hd->used)
return -1; /* nothing found */
if (opt.dry_run)
@ -742,7 +740,7 @@ keydb_update_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL); /* kludge*/
switch (hd->active[hd->found].type)
switch (hd->active[hd->found].type)
{
case KEYDB_RESOURCE_TYPE_NONE:
rc = gpg_error (GPG_ERR_GENERAL); /* oops */
@ -757,25 +755,25 @@ keydb_update_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
}
/*
/*
* The current keyblock or cert will be deleted.
*/
int
keydb_delete (KEYDB_HANDLE hd, int unlock)
{
int rc = -1;
if (!hd)
return gpg_error (GPG_ERR_INV_VALUE);
if ( hd->found < 0 || hd->found >= hd->used)
if ( hd->found < 0 || hd->found >= hd->used)
return -1; /* nothing found */
if( opt.dry_run )
return 0;
if (!hd->locked)
return gpg_error (GPG_ERR_NOT_LOCKED);
return gpg_error (GPG_ERR_NOT_LOCKED);
switch (hd->active[hd->found].type)
{
@ -797,7 +795,7 @@ keydb_delete (KEYDB_HANDLE hd, int unlock)
/*
* Locate the default writable key resource, so that the next
* operation (which is only relevant for inserts) will be done on this
* resource.
* resource.
*/
int
keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved)
@ -805,17 +803,17 @@ keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved)
int rc;
(void)reserved;
if (!hd)
return gpg_error (GPG_ERR_INV_VALUE);
rc = keydb_search_reset (hd); /* this does reset hd->current */
if (rc)
return rc;
for ( ; hd->current >= 0 && hd->current < hd->used; hd->current++)
for ( ; hd->current >= 0 && hd->current < hd->used; hd->current++)
{
switch (hd->active[hd->current].type)
switch (hd->active[hd->current].type)
{
case KEYDB_RESOURCE_TYPE_NONE:
BUG();
@ -826,7 +824,7 @@ keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved)
break;
}
}
return -1;
}
@ -837,7 +835,7 @@ void
keydb_rebuild_caches (void)
{
int i;
for (i=0; i < used_resources; i++)
{
if (all_resources[i].secret)
@ -858,23 +856,23 @@ keydb_rebuild_caches (void)
/*
/*
* Start the next search on this handle right at the beginning
*/
int
int
keydb_search_reset (KEYDB_HANDLE hd)
{
int i, rc = 0;
if (!hd)
return gpg_error (GPG_ERR_INV_VALUE);
hd->current = 0;
hd->current = 0;
hd->found = -1;
/* and reset all resources */
for (i=0; !rc && i < hd->used; i++)
for (i=0; !rc && i < hd->used; i++)
{
switch (hd->active[i].type)
switch (hd->active[i].type)
{
case KEYDB_RESOURCE_TYPE_NONE:
break;
@ -887,21 +885,21 @@ keydb_search_reset (KEYDB_HANDLE hd)
all modules*/
}
/*
/*
* Search through all keydb resources, starting at the current position,
* for a keyblock which contains one of the keys described in the DESC array.
*/
int
int
keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc)
{
int rc = -1;
if (!hd)
return gpg_error (GPG_ERR_INV_VALUE);
while (rc == -1 && hd->current >= 0 && hd->current < hd->used)
while (rc == -1 && hd->current >= 0 && hd->current < hd->used)
{
switch (hd->active[hd->current].type)
switch (hd->active[hd->current].type)
{
case KEYDB_RESOURCE_TYPE_NONE:
BUG(); /* we should never see it here */
@ -911,12 +909,12 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc)
break;
}
if (rc == -1) /* EOF -> switch to next resource */
hd->current++;
hd->current++;
else if (!rc)
hd->found = hd->current;
}
return rc;
return rc;
}
@ -924,7 +922,7 @@ int
keydb_search_first (KEYDB_HANDLE hd)
{
KEYDB_SEARCH_DESC desc;
memset (&desc, 0, sizeof desc);
desc.mode = KEYDB_SEARCH_MODE_FIRST;
return keydb_search (hd, &desc, 1);
@ -934,7 +932,7 @@ int
keydb_search_next (KEYDB_HANDLE hd)
{
KEYDB_SEARCH_DESC desc;
memset (&desc, 0, sizeof desc);
desc.mode = KEYDB_SEARCH_MODE_NEXT;
return keydb_search (hd, &desc, 1);
@ -946,7 +944,7 @@ keydb_search_kid (KEYDB_HANDLE hd, u32 *kid)
KEYDB_SEARCH_DESC desc;
(void)kid;
memset (&desc, 0, sizeof desc);
desc.mode = KEYDB_SEARCH_MODE_LONG_KID;
/* desc.u.kid[0] = kid[0]; */
@ -958,7 +956,7 @@ int
keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr)
{
KEYDB_SEARCH_DESC desc;
memset (&desc, 0, sizeof desc);
desc.mode = KEYDB_SEARCH_MODE_FPR;
memcpy (desc.u.fpr, fpr, 20);
@ -970,7 +968,7 @@ keydb_search_issuer (KEYDB_HANDLE hd, const char *issuer)
{
KEYDB_SEARCH_DESC desc;
int rc;
memset (&desc, 0, sizeof desc);
desc.mode = KEYDB_SEARCH_MODE_ISSUER;
desc.u.name = issuer;
@ -985,7 +983,7 @@ keydb_search_issuer_sn (KEYDB_HANDLE hd,
KEYDB_SEARCH_DESC desc;
int rc;
const unsigned char *s;
memset (&desc, 0, sizeof desc);
desc.mode = KEYDB_SEARCH_MODE_ISSUER_SN;
s = serial;
@ -1007,7 +1005,7 @@ keydb_search_subject (KEYDB_HANDLE hd, const char *name)
{
KEYDB_SEARCH_DESC desc;
int rc;
memset (&desc, 0, sizeof desc);
desc.mode = KEYDB_SEARCH_MODE_SUBJECT;
desc.u.name = name;
@ -1017,15 +1015,15 @@ keydb_search_subject (KEYDB_HANDLE hd, const char *name)
static int
classify_user_id (const char *name,
classify_user_id (const char *name,
KEYDB_SEARCH_DESC *desc,
int *force_exact )
{
const char *s;
int hexprefix = 0;
int hexlength;
int mode = 0;
int mode = 0;
/* clear the structure so that the mode field is set to zero unless
* we set it to the correct value right at the end of this function */
memset (desc, 0, sizeof *desc);
@ -1034,7 +1032,7 @@ classify_user_id (const char *name,
for(s = name; *s && spacep (s); s++ )
;
switch (*s)
switch (*s)
{
case 0: /* empty string is an error */
return 0;
@ -1084,9 +1082,9 @@ classify_user_id (const char *name,
break;
case '#':
{
{
const char *si;
s++;
if ( *s == '/')
{ /* "#/" indicates an issuer's DN */
@ -1096,7 +1094,7 @@ classify_user_id (const char *name,
desc->u.name = s;
mode = KEYDB_SEARCH_MODE_ISSUER;
}
else
else
{ /* serialnumber + optional issuer ID */
for (si=s; *si && *si != '/'; si++)
{
@ -1120,10 +1118,10 @@ classify_user_id (const char *name,
break;
case ':': /*Unified fingerprint */
{
{
const char *se, *si;
int i;
se = strchr (++s,':');
if (!se)
return 0;
@ -1134,21 +1132,21 @@ classify_user_id (const char *name,
}
if (i != 32 && i != 40)
return 0; /* invalid length of fpr*/
for (i=0,si=s; si < se; i++, si +=2)
for (i=0,si=s; si < se; i++, si +=2)
desc->u.fpr[i] = hextobyte(si);
for (; i < 20; i++)
desc->u.fpr[i]= 0;
s = se + 1;
mode = KEYDB_SEARCH_MODE_FPR;
}
}
break;
case '&': /* Keygrip*/
{
{
if (hex2bin (s+1, desc->u.grip, 20) < 0)
return 0; /* Invalid. */
mode = KEYDB_SEARCH_MODE_KEYGRIP;
}
}
break;
default:
@ -1164,17 +1162,17 @@ classify_user_id (const char *name,
*force_exact = 1;
hexlength++; /* just for the following check */
}
/* check if a hexadecimal number is terminated by EOS or blank */
if (hexlength && s[hexlength] && !spacep (s+hexlength))
if (hexlength && s[hexlength] && !spacep (s+hexlength))
{
if (hexprefix) /* a "0x" prefix without correct */
return 0; /* termination is an error */
/* The first chars looked like a hex number, but really is
not */
hexlength = 0;
hexlength = 0;
}
if (*force_exact)
hexlength--; /* remove the bang */
@ -1185,10 +1183,10 @@ classify_user_id (const char *name,
if (hexlength == 9)
s++;
kid = strtoul( s, NULL, 16 );
desc->u.kid[4] = kid >> 24;
desc->u.kid[5] = kid >> 16;
desc->u.kid[6] = kid >> 8;
desc->u.kid[7] = kid;
desc->u.kid[4] = kid >> 24;
desc->u.kid[5] = kid >> 16;
desc->u.kid[6] = kid >> 8;
desc->u.kid[7] = kid;
mode = KEYDB_SEARCH_MODE_SHORT_KID;
}
else if (hexlength == 16
@ -1201,14 +1199,14 @@ classify_user_id (const char *name,
mem2str(buf, s, 9 );
kid0 = strtoul (buf, NULL, 16);
kid1 = strtoul (s+8, NULL, 16);
desc->u.kid[0] = kid0 >> 24;
desc->u.kid[1] = kid0 >> 16;
desc->u.kid[2] = kid0 >> 8;
desc->u.kid[3] = kid0;
desc->u.kid[4] = kid1 >> 24;
desc->u.kid[5] = kid1 >> 16;
desc->u.kid[6] = kid1 >> 8;
desc->u.kid[7] = kid1;
desc->u.kid[0] = kid0 >> 24;
desc->u.kid[1] = kid0 >> 16;
desc->u.kid[2] = kid0 >> 8;
desc->u.kid[3] = kid0;
desc->u.kid[4] = kid1 >> 24;
desc->u.kid[5] = kid1 >> 16;
desc->u.kid[6] = kid1 >> 8;
desc->u.kid[7] = kid1;
mode = KEYDB_SEARCH_MODE_LONG_KID;
}
else if (hexlength == 32
@ -1217,8 +1215,8 @@ classify_user_id (const char *name,
int i;
if (hexlength == 33)
s++;
memset(desc->u.fpr+16, 0, 4);
for (i=0; i < 16; i++, s+=2)
memset(desc->u.fpr+16, 0, 4);
for (i=0; i < 16; i++, s+=2)
{
int c = hextobyte(s);
if (c == -1)
@ -1233,7 +1231,7 @@ classify_user_id (const char *name,
int i;
if (hexlength == 41)
s++;
for (i=0; i < 20; i++, s+=2)
for (i=0; i < 20; i++, s+=2)
{
int c = hextobyte(s);
if (c == -1)
@ -1243,16 +1241,16 @@ classify_user_id (const char *name,
mode = KEYDB_SEARCH_MODE_FPR20;
}
else if (!hexprefix)
{
{
/* The fingerprint in an X.509 listing is often delimited by
colons, so we try to single this case out. */
mode = 0;
hexlength = strspn (s, ":0123456789abcdefABCDEF");
if (hexlength == 59 && (!s[hexlength] || spacep (s+hexlength)))
if (hexlength == 59 && (!s[hexlength] || spacep (s+hexlength)))
{
int i;
for (i=0; i < 20; i++, s += 3)
for (i=0; i < 20; i++, s += 3)
{
int c = hextobyte(s);
if (c == -1 || (i < 19 && s[2] != ':'))
@ -1263,10 +1261,10 @@ classify_user_id (const char *name,
mode = KEYDB_SEARCH_MODE_FPR20;
}
if (!mode) /* default is substring search */
{
{
*force_exact = 0;
desc->u.name = s;
mode = KEYDB_SEARCH_MODE_SUBSTR;
mode = KEYDB_SEARCH_MODE_SUBSTR;
}
}
else
@ -1274,7 +1272,7 @@ classify_user_id (const char *name,
return 0;
}
}
desc->mode = mode;
return mode;
}
@ -1324,7 +1322,7 @@ keydb_store_cert (ksba_cert_t cert, int ephemeral, int *existed)
if (ephemeral)
keydb_set_ephemeral (kh, 1);
rc = lock_all (kh);
if (rc)
return rc;
@ -1359,7 +1357,7 @@ keydb_store_cert (ksba_cert_t cert, int ephemeral, int *existed)
keydb_release (kh);
return rc;
}
keydb_release (kh);
keydb_release (kh);
return 0;
}
@ -1368,8 +1366,8 @@ keydb_store_cert (ksba_cert_t cert, int ephemeral, int *existed)
transaction by locating the certificate in the DB and updating the
flags. */
gpg_error_t
keydb_set_cert_flags (ksba_cert_t cert, int ephemeral,
int which, int idx,
keydb_set_cert_flags (ksba_cert_t cert, int ephemeral,
int which, int idx,
unsigned int mask, unsigned int value)
{
KEYDB_HANDLE kh;
@ -1434,7 +1432,7 @@ keydb_set_cert_flags (ksba_cert_t cert, int ephemeral,
}
}
keydb_release (kh);
keydb_release (kh);
return 0;
}
@ -1453,7 +1451,7 @@ keydb_clear_some_cert_flags (ctrl_t ctrl, strlist_t names)
unsigned int old_value, value;
(void)ctrl;
hd = keydb_new (0);
if (!hd)
{
@ -1465,7 +1463,7 @@ keydb_clear_some_cert_flags (ctrl_t ctrl, strlist_t names)
ndesc = 1;
else
{
for (sl=names, ndesc=0; sl; sl = sl->next, ndesc++)
for (sl=names, ndesc=0; sl; sl = sl->next, ndesc++)
;
}
@ -1479,9 +1477,9 @@ keydb_clear_some_cert_flags (ctrl_t ctrl, strlist_t names)
if (!names)
desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
else
else
{
for (ndesc=0, sl=names; sl; sl = sl->next)
for (ndesc=0, sl=names; sl; sl = sl->next)
{
rc = keydb_classify_name (sl->d, desc+ndesc);
if (rc)
@ -1504,7 +1502,7 @@ keydb_clear_some_cert_flags (ctrl_t ctrl, strlist_t names)
while (!(rc = keydb_search (hd, desc, ndesc)))
{
if (!names)
if (!names)
desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
err = keydb_get_flags (hd, KEYBOX_FLAG_VALIDITY, 0, &old_value);
@ -1514,7 +1512,7 @@ keydb_clear_some_cert_flags (ctrl_t ctrl, strlist_t names)
gpg_strerror (err));
goto leave;
}
value = (old_value & ~VALIDITY_REVOKED);
if (value != old_value)
{
@ -1528,7 +1526,7 @@ keydb_clear_some_cert_flags (ctrl_t ctrl, strlist_t names)
}
if (rc && rc != -1)
log_error ("keydb_search failed: %s\n", gpg_strerror (rc));
leave:
xfree (desc);
keydb_release (hd);


@ -1,3 +1,10 @@
2011-08-04 Werner Koch <wk@g10code.com>
* symcryptrun.c: Include utmp.h for login_tty.
* gpgconf-comp.c (gc_process_gpgconf_conf): Remove unsued var
USED_COMPONENTS.
2011-01-11 Werner Koch <wk@g10code.com>
* gpgtar.c, gpgtar.h, gpgtar-create.c, gpgtar-extract.c
@ -164,7 +171,7 @@
* gpgconf-comp.c (my_percent_escape): Make non-static and rename
to ...
(gc_percent_escape): ... this. Change all callers.
2008-05-26 Werner Koch <wk@g10code.com>
* gpgconf-comp.c (gpg_agent_runtime_change) [W32]: Issue
@ -286,7 +293,7 @@
(handle_inquire): Implement new command.
(substitute_line_copy): New.
(unescape_string, unpercent_string): New.
* no-libgcrypt.c (gcry_set_outofcore_handler)
* no-libgcrypt.c (gcry_set_outofcore_handler)
(gcry_set_fatalerror_handler, gcry_set_log_handler): New.
* Makefile.am (gpg_connect_agent_LDADD): Link to libreadline.
@ -508,7 +515,7 @@
min-passphrase-length. Apply new flag to some of them.
(gc_process_gpgconf_conf, key_matches_user_or_group): New.
(gc_component_change_options): Factor some code out to ..
(change_one_value): .. new.
(change_one_value): .. new.
(gc_component_retrieve_options): Allow -1 for COMPONENT to iterate
over al components.
* gpgconf.c (main): New commands --check-config and
@ -551,7 +558,7 @@
2006-10-20 Werner Koch <wk@g10code.com>
* gpgsm-gencert.sh: Enhanced the main menu.
* gpgsm-gencert.sh: Enhanced the main menu.
2006-10-12 Werner Koch <wk@g10code.com>
@ -683,7 +690,7 @@
2005-06-01 Werner Koch <wk@g10code.com>
* symcryptrun.c: Include mkdtemp.h.
* symcryptrun.c: Include mkdtemp.h.
2005-05-31 Werner Koch <wk@g10code.com>
@ -737,7 +744,7 @@
2005-04-11 Marcus Brinkmann <marcus@g10code.de>
* symcryptrun.c: Implement config file parsing.
* Makefile.am (bin_PROGRAMS): Add symcryptrun.
(symcryptrun_SOURCES, symcryptrun_LDADD): New variables.
* symcryptrun.c: New file.
@ -757,7 +764,7 @@
2005-02-24 Werner Koch <wk@g10code.com>
* gpg-connect-agent.c: New.
* Makefile.am: Add it.
* Makefile.am: Add it.
2004-12-21 Werner Koch <wk@g10code.com>
@ -801,7 +808,7 @@
2004-10-01 Werner Koch <wk@g10code.com>
* gpgconf-comp.c: Made all strings for --log-file read the same.
2004-10-01 Werner Koch <wk@g10code.com>
* gpgconf-comp.c (my_dgettext): Also switch codeset and directory
@ -833,8 +840,8 @@
* no-libgcrypt.c (gcry_realloc, gcry_xmalloc, gcry_xcalloc): New.
* gpgconf-comp.c (retrieve_options_from_program)
(retrieve_options_from_file, change_options_file)
* gpgconf-comp.c (retrieve_options_from_program)
(retrieve_options_from_file, change_options_file)
(change_options_program, gc_component_change_options): Replaced
getline by read_line and test for allocation failure.
@ -902,7 +909,7 @@
(gc_component_change_options): New variable runtime. Initialize
it. If an option is changed that has the GC_OPT_FLAG_RUNTIME bit
set, also set the corresponding runtime variable. Finally, call
the runtime_change callback of the backend if needed.
the runtime_change callback of the backend if needed.
2004-03-16 Werner Koch <wk@gnupg.org>
@ -993,7 +1000,7 @@
quote in pathname.
(change_options_program): Percent deescape string before writing
it out.
* gpgconf-comp.c (gc_component_list_options): Do not skip groups
on output.
@ -1027,10 +1034,10 @@
* gpgconf-comp.c: Use xmalloc, libcommon's asctimestamp and
gnupg_get_time, fix error() invocation and use getline()
consistently.
2004-01-30 Werner Koch <wk@gnupg.org>
* addgnupghome: Also set the group of copied files.
* addgnupghome: Also set the group of copied files.
2004-01-30 Werner Koch <wk@gnupg.org>
@ -1058,7 +1065,7 @@
2004-01-10 Werner Koch <wk@gnupg.org>
* Makefile.am: Use GPG_ERROR_CFLAGS
2004-01-05 Werner Koch <wk@gnupg.org>
* Manifest: New.


@ -179,13 +179,13 @@ static struct
NULL, "gpgconf-gpg.conf" },
{ "GPGSM", "gpgsm", GNUPG_MODULE_NAME_GPGSM,
NULL, "gpgconf-gpgsm.conf" },
{ "GPG Agent", "gpg-agent", GNUPG_MODULE_NAME_AGENT,
{ "GPG Agent", "gpg-agent", GNUPG_MODULE_NAME_AGENT,
gpg_agent_runtime_change, "gpgconf-gpg-agent.conf" },
{ "SCDaemon", "scdaemon", GNUPG_MODULE_NAME_SCDAEMON,
scdaemon_runtime_change, "gpgconf-scdaemon.conf" },
{ "DirMngr", "dirmngr", GNUPG_MODULE_NAME_DIRMNGR,
NULL, "gpgconf-dirmngr.conf" },
{ "DirMngr LDAP Server List", NULL, 0,
{ "DirMngr LDAP Server List", NULL, 0,
NULL, "ldapserverlist-file", "LDAP Server" },
};
@ -400,17 +400,17 @@ struct gc_option
/* A gettext domain in which the following description can be found.
If this is NULL, then DESC is not translated. Valid for groups
and options.
Note that we try to keep the description of groups within the
gnupg domain.
gnupg domain.
IMPORTANT: If you add a new domain please make sure to add a code
set switching call to the function my_dgettext further below. */
const char *desc_domain;
/* A gettext description for this group or option. If it starts
with a '|', then the string up to the next '|' describes the
argument, and the description follows the second '|'.
argument, and the description follows the second '|'.
In general enclosing these description in N_() is not required
because the description should be identical to the one in the
@ -508,7 +508,7 @@ static gc_option_t gc_options_gpg_agent[] =
GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
"gnupg", N_("Options controlling the security") },
{ "default-cache-ttl", GC_OPT_FLAG_RUNTIME,
GC_LEVEL_BASIC, "gnupg",
GC_LEVEL_BASIC, "gnupg",
"|N|expire cached PINs after N seconds",
GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
{ "default-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME,
@ -520,7 +520,7 @@ static gc_option_t gc_options_gpg_agent[] =
N_("|N|set maximum PIN cache lifetime to N seconds"),
GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
{ "max-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME,
GC_LEVEL_EXPERT, "gnupg",
GC_LEVEL_EXPERT, "gnupg",
N_("|N|set maximum SSH key lifetime to N seconds"),
GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
{ "ignore-cache-for-signing", GC_OPT_FLAG_RUNTIME,
@ -536,16 +536,16 @@ static gc_option_t gc_options_gpg_agent[] =
{ "Passphrase policy",
GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
"gnupg", N_("Options enforcing a passphrase policy") },
{ "enforce-passphrase-constraints", GC_OPT_FLAG_RUNTIME,
GC_LEVEL_EXPERT, "gnupg",
{ "enforce-passphrase-constraints", GC_OPT_FLAG_RUNTIME,
GC_LEVEL_EXPERT, "gnupg",
N_("do not allow to bypass the passphrase policy"),
GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
{ "min-passphrase-len", GC_OPT_FLAG_RUNTIME,
GC_LEVEL_ADVANCED, "gnupg",
GC_LEVEL_ADVANCED, "gnupg",
N_("|N|set minimal required length for new passphrases to N"),
GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
{ "min-passphrase-nonalpha", GC_OPT_FLAG_RUNTIME,
GC_LEVEL_EXPERT, "gnupg",
GC_LEVEL_EXPERT, "gnupg",
N_("|N|require at least N non-alpha characters for a new passphrase"),
GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
{ "check-passphrase-pattern", GC_OPT_FLAG_RUNTIME,
@ -553,11 +553,11 @@ static gc_option_t gc_options_gpg_agent[] =
"gnupg", N_("|FILE|check new passphrases against pattern in FILE"),
GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
{ "max-passphrase-days", GC_OPT_FLAG_RUNTIME,
GC_LEVEL_EXPERT, "gnupg",
GC_LEVEL_EXPERT, "gnupg",
N_("|N|expire the passphrase after N days"),
GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
{ "enable-passphrase-history", GC_OPT_FLAG_RUNTIME,
GC_LEVEL_EXPERT, "gnupg",
{ "enable-passphrase-history", GC_OPT_FLAG_RUNTIME,
GC_LEVEL_EXPERT, "gnupg",
N_("do not allow the reuse of old passphrases"),
GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
@ -816,7 +816,7 @@ static gc_option_t gc_options_dirmngr[] =
{ "csh", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
"dirmngr", "csh-style command output",
GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
{ "Configuration",
GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
"gnupg", N_("Options controlling the configuration") },
@ -1031,11 +1031,11 @@ gpg_agent_runtime_change (void)
const char *pgmname;
const char *argv[2];
pid_t pid;
pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
argv[0] = "reloadagent";
argv[1] = NULL;
err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
if (!err)
err = gnupg_wait_process (pgmname, pid, NULL);
@ -1053,7 +1053,7 @@ scdaemon_runtime_change (void)
const char *pgmname;
const char *argv[6];
pid_t pid;
/* We use "GETINFO app_running" to see whether the agent is already
running and kill it only in this case. This avoids an explicit
starting of the agent in case it is not yet running. There is
@ -1066,7 +1066,7 @@ scdaemon_runtime_change (void)
argv[3] = "scd killscd";
argv[4] = "/end";
argv[5] = NULL;
err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
if (!err)
err = gnupg_wait_process (pgmname, pid, NULL);
@ -1087,7 +1087,7 @@ gc_component_reload (int component)
/* Set a flag for the backends to be reloaded. */
for (backend = 0; backend < GC_BACKEND_NR; backend++)
runtime[backend] = 0;
if (component == -1)
{
for (component = 0; component < GC_COMPONENT_NR; component++)
@ -1106,7 +1106,7 @@ gc_component_reload (int component)
}
/* Do the reload for all selected backends. */
for (backend = 0; backend < GC_BACKEND_NR; backend++)
for (backend = 0; backend < GC_BACKEND_NR; backend++)
{
if (runtime[backend] && gc_backend[backend].runtime_change)
(*gc_backend[backend].runtime_change) ();
@ -1129,7 +1129,7 @@ my_dgettext (const char *domain, const char *msgid)
{
static int switched_codeset;
char *text;
if (!switched_codeset)
{
switched_codeset = 1;
@ -1149,7 +1149,7 @@ my_dgettext (const char *domain, const char *msgid)
{
static int switched_codeset;
char *text;
if (!switched_codeset)
{
switched_codeset = 1;
@ -1157,7 +1157,7 @@ my_dgettext (const char *domain, const char *msgid)
bindtextdomain ("dirmngr", LOCALEDIR);
bind_textdomain_codeset ("dirmngr", "utf-8");
}
/* Note: This is a hack to actually use the gnupg2 domain as
@ -1202,7 +1202,7 @@ gc_percent_escape (const char *src)
*(dst++) = '%';
*(dst++) = '2';
*(dst++) = '5';
}
}
else if (*src == ':')
{
/* The colon is used as field separator. */
@ -1258,7 +1258,7 @@ percent_deescape (const char *src)
*(dst++) = (char) val;
src += 3;
}
}
else
*(dst++) = *(src++);
}
@ -1357,7 +1357,7 @@ collect_error_output (int fd, const char *tag)
buffer[pos - (c == '\n')] = 0;
if (cont_line)
; /*Ignore continuations of previous line. */
else if (!strncmp (buffer, tag, taglen) && buffer[taglen] == ':')
else if (!strncmp (buffer, tag, taglen) && buffer[taglen] == ':')
{
/* "gpgsm: foo:4: bla" */
/* Yep, we are interested in this line. */
@ -1406,7 +1406,7 @@ collect_error_output (int fd, const char *tag)
cont_line = (c != '\n');
}
}
/* We ignore error lines not terminated by a LF. */
fclose (fp);
@ -1469,12 +1469,12 @@ gc_component_check_options (int component, FILE *out, const char *conf_file)
}
argv[i++] = "--gpgconf-test";
argv[i++] = NULL;
err = gnupg_create_inbound_pipe (filedes);
if (err)
gc_error (1, 0, _("error creating a pipe: %s\n"),
gc_error (1, 0, _("error creating a pipe: %s\n"),
gpg_strerror (err));
result = 0;
errlines = NULL;
if (gnupg_spawn_process_fd (pgmname, argv, -1, -1, filedes[1], &pid))
@ -1483,10 +1483,10 @@ gc_component_check_options (int component, FILE *out, const char *conf_file)
close (filedes[1]);
result |= 1; /* Program could not be run. */
}
else
else
{
close (filedes[1]);
errlines = collect_error_output (filedes[0],
errlines = collect_error_output (filedes[0],
gc_component[component].name);
if (gnupg_wait_process (pgmname, pid, &exitcode))
{
@ -1496,12 +1496,12 @@ gc_component_check_options (int component, FILE *out, const char *conf_file)
result |= 2; /* Program returned an error. */
}
}
/* If the program could not be run, we can't tell whether
the config file is good. */
if (result & 1)
result |= 2;
result |= 2;
if (out)
{
const char *desc;
@ -1608,7 +1608,7 @@ list_one_option (const gc_option_t *option, FILE *out)
if (opt.verbose)
{
putc (' ', out);
if (!option->flags)
fprintf (out, "none");
else
@ -1640,7 +1640,7 @@ list_one_option (const gc_option_t *option, FILE *out)
/* The description field. */
fprintf (out, ":%s", desc ? gc_percent_escape (desc) : "");
/* The type field. */
fprintf (out, ":%u", option->arg_type);
if (opt.verbose)
@ -1682,7 +1682,7 @@ list_one_option (const gc_option_t *option, FILE *out)
/* List all options of the component COMPONENT. */
void
gc_component_list_options (int component, FILE *out)
{
{
const gc_option_t *option = gc_component[component].options;
while (option && option->name)
@ -1705,7 +1705,7 @@ gc_component_list_options (int component, FILE *out)
different active options, and because it is hard to
maintain manually, we calculate it here. The value in
the global static table is ignored. */
while (group_option->name)
{
if (group_option->flags & GC_OPT_FLAG_GROUP)
@ -1778,7 +1778,7 @@ get_config_filename (gc_component_t component, gc_backend_t backend)
filename = "";
#ifdef HAVE_DOSISH_SYSTEM
if (!(filename[0]
if (!(filename[0]
&& filename[1] == ':'
&& (filename[2] == '/' || filename[2] == '\\')))
#else
@ -1813,8 +1813,8 @@ retrieve_options_from_program (gc_component_t component, gc_backend_t backend)
if (err)
gc_error (1, 0, _("error creating a pipe: %s\n"), gpg_strerror (err));
pgmname = (gc_backend[backend].module_name
? gnupg_module_name (gc_backend[backend].module_name)
pgmname = (gc_backend[backend].module_name
? gnupg_module_name (gc_backend[backend].module_name)
: gc_backend[backend].program );
argv[0] = "--gpgconf-list";
argv[1] = NULL;
@ -1838,7 +1838,7 @@ retrieve_options_from_program (gc_component_t component, gc_backend_t backend)
char *linep;
unsigned long flags = 0;
char *default_value = NULL;
/* Strip newline and carriage return, if present. */
while (length > 0
&& (line[length - 1] == '\n' || line[length - 1] == '\r'))
@ -1847,7 +1847,7 @@ retrieve_options_from_program (gc_component_t component, gc_backend_t backend)
linep = strchr (line, ':');
if (linep)
*(linep++) = '\0';
/* Extract additional flags. Default to none. */
if (linep)
{
@ -1926,7 +1926,7 @@ retrieve_options_from_program (gc_component_t component, gc_backend_t backend)
char *name;
char *value;
gc_option_t *option;
name = line;
while (*name == ' ' || *name == '\t')
name++;
@ -2013,7 +2013,7 @@ retrieve_options_from_program (gc_component_t component, gc_backend_t backend)
/* Retrieve the options for the component COMPONENT from backend
BACKEND, which we already know is of type file list. */
BACKEND, which we already know is of type file list. */
static void
retrieve_options_from_file (gc_component_t component, gc_backend_t backend)
{
@ -2110,7 +2110,7 @@ gc_component_retrieve_options (int component)
component = 0;
assert (component < GC_COMPONENT_NR);
}
do
{
option = gc_component[component].options;
@ -2120,16 +2120,16 @@ gc_component_retrieve_options (int component)
if (!(option->flags & GC_OPT_FLAG_GROUP))
{
backend = option->backend;
if (backend_seen[backend])
{
option++;
continue;
}
backend_seen[backend] = 1;
assert (backend != GC_BACKEND_ANY);
if (gc_backend[backend].program)
retrieve_options_from_program (component, backend);
else
@ -2156,7 +2156,7 @@ option_check_validity (gc_option_t *option, unsigned long flags,
if (!option->active)
gc_error (1, 0, "option %s not supported by backend %s",
option->name, gc_backend[option->backend].name);
if (option->new_flags || option->new_value)
gc_error (1, 0, "option %s already changed", option->name);
@ -2805,10 +2805,10 @@ change_options_program (gc_component_t component, gc_backend_t backend,
== GC_ARG_TYPE_STRING)
{
char *end;
assert (*arg == '"');
arg++;
end = strchr (arg, ',');
if (end)
*end = '\0';
@ -2986,16 +2986,16 @@ gc_component_change_options (int component, FILE *in, FILE *out)
char *linep;
unsigned long flags = 0;
char *new_value = "";
/* Strip newline and carriage return, if present. */
while (length > 0
&& (line[length - 1] == '\n' || line[length - 1] == '\r'))
line[--length] = '\0';
linep = strchr (line, ':');
if (linep)
*(linep++) = '\0';
/* Extract additional flags. Default to none. */
if (linep)
{
@ -3005,20 +3005,20 @@ gc_component_change_options (int component, FILE *in, FILE *out)
end = strchr (linep, ':');
if (end)
*(end++) = '\0';
errno = 0;
flags = strtoul (linep, &tail, 0);
if (errno)
gc_error (1, errno, "malformed flags in option %s", line);
if (!(*tail == '\0' || *tail == ':' || *tail == ' '))
gc_error (1, 0, "garbage after flags in option %s", line);
linep = end;
}
/* Don't allow setting of the no change flag. */
flags &= ~GC_OPT_FLAG_NO_CHANGE;
/* Extract default value, if present. Default to empty if not. */
if (linep)
{
@ -3029,18 +3029,18 @@ gc_component_change_options (int component, FILE *in, FILE *out)
new_value = linep;
linep = end;
}
option = find_option (component, line, GC_BACKEND_ANY);
if (!option)
gc_error (1, 0, "unknown option %s", line);
if ((option->flags & GC_OPT_FLAG_NO_CHANGE))
{
gc_error (0, 0, "ignoring new value for option %s",
option->name);
continue;
}
change_one_value (option, runtime, flags, new_value);
}
}
@ -3086,10 +3086,10 @@ gc_component_change_options (int component, FILE *in, FILE *out)
&src_filename[option->backend],
&dest_filename[option->backend],
&orig_filename[option->backend]);
if (err)
break;
option++;
}
@ -3178,14 +3178,14 @@ gc_component_change_options (int component, FILE *in, FILE *out)
/* If it all worked, notify the daemons of the changes. */
if (opt.runtime)
for (backend = 0; backend < GC_BACKEND_NR; backend++)
for (backend = 0; backend < GC_BACKEND_NR; backend++)
{
if (runtime[backend] && gc_backend[backend].runtime_change)
(*gc_backend[backend].runtime_change) ();
}
/* Move the per-process backup file into its place. */
for (backend = 0; backend < GC_BACKEND_NR; backend++)
for (backend = 0; backend < GC_BACKEND_NR; backend++)
if (orig_filename[backend])
{
char *backup_filename;
@ -3222,7 +3222,7 @@ key_matches_user_or_group (char *user)
*group++ = 0;
#ifdef HAVE_W32_SYSTEM
/* Under Windows we don't support groups. */
/* Under Windows we don't support groups. */
if (group && *group)
gc_error (0, 0, _("Note that group specifications are ignored\n"));
if (*user)
@ -3333,7 +3333,6 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
int in_rule = 0;
int got_match = 0;
int runtime[GC_BACKEND_NR];
int used_components[GC_COMPONENT_NR];
int backend_id, component_id;
char *fname;
@ -3344,8 +3343,6 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
runtime[backend_id] = 0;
for (component_id = 0; component_id < GC_COMPONENT_NR; component_id++)
used_components[component_id] = 0;
config = fopen (fname, "r");
if (!config)
@ -3368,7 +3365,7 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
gc_option_t *option_info = NULL;
char *p;
int is_continuation;
lineno++;
key = line;
while (*key == ' ' || *key == '\t')
@ -3533,26 +3530,26 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
*group++ = 0;
if ((p = strchr (group, ':')))
*p = 0; /* We better strip any extra stuff. */
}
}
fprintf (listfp, "k:%s:", gc_percent_escape (key));
fprintf (listfp, "%s\n", group? gc_percent_escape (group):"");
}
/* All other lines are rule records. */
fprintf (listfp, "r:::%s:%s:%s:",
gc_component[component_id].name,
gc_component[component_id].name,
option_info->name? option_info->name : "",
flags? flags : "");
if (value != empty)
fprintf (listfp, "\"%s", gc_percent_escape (value));
putc ('\n', listfp);
}
/* Check whether the key matches but do this only if we are not
running in syntax check mode. */
if ( update
if ( update
&& !result && !listfp
&& (got_match || (key && key_matches_user_or_group (key))) )
{
@ -3573,7 +3570,6 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
if (defaults)
{
assert (component_id >= 0 && component_id < GC_COMPONENT_NR);
used_components[component_id] = 1;
/* Here we explicitly allow to update the value again. */
if (newflags)
@ -3616,7 +3612,7 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
if (opt.runtime)
{
for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
if (runtime[backend_id] && gc_backend[backend_id].runtime_change)
(*gc_backend[backend_id].runtime_change) ();
}


@ -72,14 +72,17 @@
#include <sys/types.h>
#include <sys/wait.h>
#ifdef HAVE_PTY_H
#include <pty.h>
# include <pty.h>
#endif
#ifdef HAVE_UTMP_H
# include <utmp.h>
#endif
#include <ctype.h>
#ifdef HAVE_LOCALE_H
#include <locale.h>
# include <locale.h>
#endif
#ifdef HAVE_LANGINFO_CODESET
#include <langinfo.h>
# include <langinfo.h>
#endif
#include <gpg-error.h>
@ -152,9 +155,9 @@ static ARGPARSE_OPTS opts[] =
{ oDecrypt, "decrypt", 0, N_("decryption modus") },
{ oEncrypt, "encrypt", 0, N_("encryption modus") },
{ 302, NULL, 0, N_("@\nOptions:\n ") },
{ oClass, "class", 2, N_("tool class (confucius)") },
{ oProgram, "program", 2, N_("program filename") },
@ -167,7 +170,7 @@ static ARGPARSE_OPTS opts[] =
/* Hidden options. */
{ oNoVerbose, "no-verbose", 0, "@" },
{ oHomedir, "homedir", 2, "@" },
{ oHomedir, "homedir", 2, "@" },
{ oNoOptions, "no-options", 0, "@" },/* shortcut for --options /dev/null */
{0}
@ -253,10 +256,10 @@ remove_file (char *name, int shred)
if (pid == 0)
{
/* Child. */
/* -f forces file to be writable, and -u unlinks it afterwards. */
char *args[] = { SHRED, "-uf", name, NULL };
execv (SHRED, args);
_exit (127);
}
@ -268,11 +271,11 @@ remove_file (char *name, int shred)
else
{
/* Parent. */
if (TEMP_FAILURE_RETRY (waitpid (pid, &status, 0)) != pid)
status = -1;
}
if (!WIFEXITED (status))
{
log_error (_("%s on %s aborted with status %i\n"),
@ -427,7 +430,7 @@ confucius_get_pass (const char *cacheid, int again, int *canceled)
if (canceled)
*canceled = 0;
orig_codeset = i18n_switchto_utf8 ();
pw = simple_pwquery (cacheid,
again ? _("does not match - try again"):NULL,
@ -445,7 +448,7 @@ confucius_get_pass (const char *cacheid, int again, int *canceled)
log_info (_("cancelled\n"));
if (canceled)
*canceled = 1;
}
}
}
return pw;
@ -554,7 +557,7 @@ confucius_process (int mode, char *infile, char *outfile,
free (args);
return 1;
}
else if (pid == 0)
else if (pid == 0)
{
/* Child. */
@ -627,7 +630,7 @@ confucius_process (int mode, char *infile, char *outfile,
close (cstderr[0]);
return 1;
}
else
else
{
char *newline;
@ -853,7 +856,7 @@ confucius_main (int mode, int argc, char *argv[])
rmdir (tmpdir);
return res;
}
remove_file (outfile, mode == oDecrypt);
if (infile_from_stdin)
remove_file (infile, mode == oEncrypt);
@ -873,7 +876,7 @@ main (int argc, char **argv)
char **orig_argv;
FILE *configfp = NULL;
char *configname = NULL;
unsigned configlineno;
unsigned configlineno;
int mode = 0;
int res;
char *logfile = NULL;
@ -910,7 +913,7 @@ main (int argc, char **argv)
if (default_config)
configname = make_filename (opt.homedir, "symcryptrun.conf", NULL );
argc = orig_argc;
argv = orig_argv;
pargs.argc = &argc;
@ -929,7 +932,7 @@ main (int argc, char **argv)
configname, strerror(errno) );
exit(1);
}
xfree (configname);
xfree (configname);
configname = NULL;
}
default_config = 0;
@ -946,7 +949,7 @@ main (int argc, char **argv)
case oQuiet: opt.quiet = 1; break;
case oVerbose: opt.verbose++; break;
case oNoVerbose: opt.verbose = 0; break;
case oClass: opt.class = pargs.r.ret_str; break;
case oProgram: opt.program = pargs.r.ret_str; break;
case oKeyfile: opt.keyfile = pargs.r.ret_str; break;